Improving Policy Manager network performance in high network load in
Windows 2003 environments
When deploying Policy Manager Server (PMS) or
F-Secure Policy Manager Proxy (PMP) in large environments with hundreds of
users, the Windows 2003 server might run out of available, free TCP/IP ports.
This issue can manifest itself in various ways, e.g. as problems downloading
databases when connecting to the PMS directly, or when connecting via a PMP
The information provided applies both to PMS and PMP installations,
when running on top of the Windows 2003 operating system.
The investigation by R&D suggests that this is typically an issue
affecting Windows 2003 users and is related to the TCP ports available on the
To prevent the issue from reoccurring:
Make the following change in the network settings:
For the setting to be taken into use, restart the server.
If you have more than 100 users connecting directly to PMS, we
recommend that you increase the default polling interval for F-Secure
Management Agent from 10 minutes to 30 to 60 minutes.
The setting in F-Secure Policy Manager Console is available
Console > Settings > Communications > Protocols > HTTP
Incoming Package polling interval AND
Outgoing Package polling interval.
If you already have the MaxUserPort entry in the registry, make sure
not to specify a value which would lower the current MaxUserPort setting. For
more information, see
This information does not apply to Windows 2008 where the MaxUserPort
registry value specifies the number of dynamic ports. The range is from Start
range (default is 49152) to Start range + MaxUserPort. For more information,
Warning: Be very careful when making changes to the
MaxUserPort setting. Specifying MaxUserPort = 6000 instead of MaxUserPort =
60000 can easily kill a server especially if it is a Primary, Backup or Domain
Controller or has many additional network services installed (DNS, DHCP, SQL