Why does the error "Tcp port is already in use" or "[10048] Address already in use" appear in EventSentry, or why is event ID 4227 from source TCPIP generated in the System log on my EventSentry server?

Article ID: 382
Category: General
Applies to: All
Updated: 2018-11-07

Preliminary testing suggests that these errors are caused by the July 2018 Windows Updates. There are several networking problems and service stability problems that Microsoft has acknowledged as being caused by these updates, and these networking problems may affect the EventSentry server's TCP connections, in particular the EventSentry Heartbeat Monitoring. The web reports may also stop responding (the TCP port becomes inaccessible) and the network and service stability issues introduced by the updates can prevent the web reports service from being stopped or restarted.

The problematic updates are:
* KB4338823 (security update) for Windows 7 and Windows Server 2008R2
* KB4338818 (monthly rollup) for Windows 7 and Windows Server 2008R2
* KB4338820 (security update) for Windows 8 and Windows Server 2012
* KB4338830 (monthly rollup) for Windows 8 and Windows Server 2012
* KB4338824 (security update) for Windows 8.1 and Windows Server 2012R2
* KB4338815 (monthly rollup) for Windows 8.1 and Windows Server 2012R2
* KB4338814 (security update) for Windows 10 version 1603 and Windows Server 2016 version 1603
* KB4338826 (security update) for Windows 10 version 1703 and Windows Server 2016 version 1703
* KB4338825 (security update) for Windows 10 version 1709 and Windows Server 2016 version 1709
* KB4338819 (security update) for Windows 10 version 1803 and Windows Server 2016 version 1803

To resolve the problem, either uninstall the problematic update and reboot, or follow the workaround or resolution posted in the "known issues" section of the Microsoft article that corresponds to your installed Windows update. Some systems remain affected even after the problematic update is removed, and require the corresponding workarounds to be installed for the problem to be fully resolved.



Try EventSentry on-premise

FREE 30-day evaluation

Download Now