Get off Windows Server 2003: what you need to know about EOL

Introduction and software updates

If you’re still running Windows Server 2003 on any of your systems, it’s time to take an urgent look at your options, because as of July 15, 2015, you’re not going to be getting patches and security updates any more (unless you’re paying for the extremely expensive direct support), and you’ll no longer be able to get phone or online support. July 14 is the last Patch Tuesday that will cover Windows Server 2003 and Windows Server 2003 R2.

That means that if you process customer credit cards or fall under the PCI DSS regulations for any other payments, which say that you have to have the latest security patches installed, then you might end up getting fined, see your transaction fees go up, or even have your bank refuse to accept transactions.

Malware and other issues

As well as the threat of malware that takes advantage of faults found in Windows Server that Microsoft will no longer be patching, you may start running into issues with certificates. The less secure SHA1 algorithms and certificates are being deprecated (Chrome is dropping them particularly quickly) but Windows Server 2003 needed a hotfix to get certificates signed using SHA2 algorithms – and if any more issues show up, Microsoft won’t be issuing hotfixes.

On the storage side, Windows Server 2003 only works with the very old, very slow SMB 1 protocol; the latest version is 3.1.1 and it’s considerably faster. Not only will moving to a newer version of Windows Server mean that accessing file shares and other storage on your server will be much faster, Microsoft is also planning to ship future versions of Windows with SMB 1 disabled, which means at some point you’ll have to reconfigure new PCs to connect to file shares on Windows Server 2003 at all.

Moving to a new version of Windows Server will get you a lot of new and improved features, from virtualisation with Hyper-V (if you’re currently paying for VMWare tools, you can get many of the features free in recent versions of Windows Server), through Storage Spaces that let you build your own storage network with cheap disks in your server, to Direct Access that lets you replace VPNs with something much easier for users.

Security is much improved, plus Windows Server 2008 and later versions give you the option of running the minimal Server Core install; with a smaller footprint, there are fewer bugs – and fewer security patches to install, which means fewer restarts.

Third-party updates

You can expect to stop getting updates for any software you’re running on your Windows Server 2003 system as well. Microsoft has already stopped supporting Exchange 2003, SharePoint Portal Server 2003, Project Server 2003 and Live Communication Server 2003 (SQL Server 2005 reaches end of support on April 12, 2016), but third-party vendors often stop making sure new releases run on out of date versions of Windows Server.

You’ll find it hard to use Windows Server 2003 with Microsoft Azure as well; running Server 2003 in a virtual machine on Azure isn’t supported, so you can’t just virtualise your servers and run them in the cloud.

In fact, virtualising Windows Server 2003 systems doesn’t help you very much – you can treat it as a last resort for dealing with applications you’re not ready to replace that won’t run on newer versions, but running a Windows Server 2003 VM on even the latest version of Windows Server doesn’t get you any support. If you have to virtualise, put the server on a private network and set up a VPN so only specific machines get access to it, but remember that’s only a temporary solution.

How to move

Migration considerations

If you’re still running Windows Server 2003, it might be because you don’t know it’s there – use the free Microsoft Assessment and Planning toolkit to find out if you have any servers that need replacing. This will also tell you what applications are running on your servers – think of it as a chance to see if you still need all those applications as well as to find out whether you can run the same software on newer versions of Windows Server.

You’re definitely going to need new hardware to run a new version of Windows Server; look for a server that has a TPM to get the best security features when you do move to Windows Server 2016. But don’t wait until that comes out in 2016 – you need to get off Windows Server 2003 before then.

Running Windows Server 2012 or 2012 R2 is a rather different experience from running Windows Server 2003, but while it’s tempting to move only to Windows Server 2008 or 2008 R2, remember that Windows Server 2008 is already out of mainstream support (as of January 2015), so you’ll only have to perform another migration soon.

There’s an advantage to buying a Windows Server 2012 R2 licence as soon as possible (even if you’re planning to use the downgrade rights to run Windows Server 2008 R2 instead of running the latest version) – on August 1, 2015 (according to a Microsoft blog that’s since been removed) the cost of Windows Server CALs (the client-use licences you need to buy for users who connect to your servers) will go up by about 13%.

Application compatibility

If you know about your servers and you still haven’t updated, it’s probably because you don’t want to move your apps. Windows Server 2012 R2 has pretty good application compatibility with Windows Server 2003; although it’s 64-bit only, most 32-bit applications will still run on it – as long as they don’t run in kernel mode or have any 16-bit code. You will need to get new versions of security software and system utilities like backup and management tools though (Windows Server now has Microsoft Defender anti-virus built in).

If you don’t have the original software for applications you want to migrate, use tools like AppZero to extract the application, along with its data and settings, and migrate it to the new system. Microsoft has the free online Exchange Server Deployment Assistant that lets you migrate Exchange data to a new server. There are third-party utilities from companies like Dell and Metalogix that can migrate workloads like Exchange, GroupWise, Notes, SharePoint and Project.

Treat the end of Windows Server 2003 as a chance to think about what your business needs its servers for, and do as much automation as possible to simplify the next time you need to update them. Given the popularity of cloud services, if you’re only using your server for email and file sharing, you can also think about switching to Office 365 and just having Network Attached Storage in the office for local files. You might even save some money by getting off Windows Server 2003.