Do you have one of the IIS exploit viruses, like Nimda or Code Red, running on your networks? Those could easily fill up the maximum of four connections to the empeg web server with their constant pounding of HTTP requests.