
Event ID 4226

January 3, 2012 Rich 1 min read

Every time I have come across this event:

Event ID 4226
Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

it has been tied to some type of malware/virus. This can be confirmed using:

netstat -no

Look at the last column (PID) and look for the PID with a lot of connections.  You’ll see what I mean in the following screenshot:

[Screenshot: Netstat showing established or half-opened connections]

Now that you have the PID (2064 in this case), fire up Task Manager or grab Sysinternals' Process Explorer (http://live.sysinternals.com/procexp.exe) and start investigating!
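The manual scan of the PID column can be scripted. The following is an added example, not part of the original post: the function name `Get-TcpCountByPid` and the sample netstat output are constructed for illustration. It counts TCP rows per PID and reports SYN_SENT rows separately, since those are connect attempts still in progress.

```powershell
# Added example. Summarize `netstat -no` TCP rows per owning PID.
function Get-TcpCountByPid {
    param([string[]]$NetstatLines)

    $rows = foreach ($line in $NetstatLines) {
        # A TCP row has five fields: Proto, Local, Foreign, State, PID.
        # Headers and blank lines do not match and are skipped.
        $f = -split $line
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[4] -match '^\d+$') {
            [pscustomobject]@{ Remote = $f[2]; State = $f[3]; OwningPid = [int]$f[4] }
        }
    }

    $rows | Group-Object OwningPid | ForEach-Object {
        $g = $_.Group
        [pscustomobject]@{
            OwningPid   = [int]$_.Name
            Total       = $g.Count
            SynSent     = @($g | Where-Object { $_.State -eq 'SYN_SENT' }).Count
            Established = @($g | Where-Object { $_.State -eq 'ESTABLISHED' }).Count
            # Distinct remote addresses with the trailing :port removed
            RemoteHosts = @($g | ForEach-Object { $_.Remote -replace ':\d+$', '' } |
                            Sort-Object -Unique).Count
        }
    } | Sort-Object SynSent, Total -Descending
}

# Constructed sample output (documentation-range addresses), not a real capture.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:1041          192.0.2.10:445         SYN_SENT        2064
  TCP    10.0.0.5:1042          192.0.2.11:445         SYN_SENT        2064
  TCP    10.0.0.5:1043          192.0.2.12:445         SYN_SENT        2064
  TCP    10.0.0.5:1044          198.51.100.7:80        ESTABLISHED     2064
  TCP    10.0.0.5:1050          203.0.113.20:443       ESTABLISHED     912
  TCP    10.0.0.5:3389          10.0.0.9:50122         ESTABLISHED     1180
'@

Get-TcpCountByPid ($sample -split "`r?`n") | Format-Table -AutoSize

# On a live host, feed the real command output instead:
#   Get-TcpCountByPid (netstat -no) | Format-Table -AutoSize
#   Get-Process -Id 2064    # resolve the top PID to a process name
```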
