Why 1.6 million people will miss Microsoft's Windows Server 2003 date with fate

Upgraded your Windows Server 2003 yet? Don’t worry, you’re not alone. Gartner reckons there are eight million Windows Server 2003 OS instances in operation, and SI Avanade reckons that of those instances, a full 20 per cent – 1.6 million – will blow past the 14 July end-of-support date. What happens six months from now, on 14 …

  1. MJI Silver badge

    Will the embedded workaround work?

    My home PC still gets updates using this technique, could you use it for S2003?

    My migration BTW relies on trying to get WINE working.

    1. JamesTQuirk

      Re: Will the embedded workaround work?

      Maybe you could try running as a VM in linux, then use linux iptables to control system/firewall, while windows walks around, with knickers around ankles ...

      I am looking (3days) @ these new "instant VM's" as a basis for a new defense, maybe either vetting clients before giving access, or springing into life as a HoneyPot, and culdesac'ing them there ( thanks for the idea, "hackers"), or maybe "piggy in the middle" where Server <-> VM <-> Client ... Still thinking about it, like the "other people" ....

  2. Ashton Black

    Rockin' hard place.

    I've contracted at a number of businesses that would want to upgrade, but have fallen into a technical trap. They purchased bespoke, carefully tailored apps, written at great cost, which run their business or manufacturing processes. It's not the problem of upgrading windows, but in shelling out to have these varied esoteric applications either upgraded in parallel or in some cases, completely re-written.

    In one case, a re-write of some control software for laboratory networks, was quoted at £1.2million since the company who wrote it was bought out by BAe several years ago and they didn't want to do it. (This was to go from a Win2k3 to Win2k8R2 box... one box).

    1. Anonymous Coward
      Meh

      Re: Rockin' hard place.

      Of course many of these 2003 servers will be running in a VM. Yes, you can still get attacked, but if not internet facing and decent practices are followed, then risk can be reduced to an acceptable amount. It's simply a risk vs cost scenario.

    2. Anonymous Coward
      Anonymous Coward

      Re: Rockin' hard place.

      That is a real trap if you don't own the source code. I assume that is the case. Yea, ye are well and truly laid over the barrel and there will be much squealing.. Some people never learn.

    3. Doctor Syntax Silver badge

      Re: Rockin' hard place.

      "they didn't want to do it"

      And do they also not want to make sales of their other products or services in the future?

    4. theOtherJT Silver badge

      Re: Rockin' hard place.

      Absolutely. This is how we got screwed, and are still getting screwed. We have some "web apps" that only work on IE6 - you know, just trivial things like payroll and HR management. We've been operating a running retreat from these things for years. First by forcing people to use an XPmode VM, then when XP ended, RDP to a 2003 terminal server.

      I have no idea what we paid for them originally, but the way finance talk about it it seems to be somewhere in the region of what it cost to occupy Iraq, and no one wants to even consider what it'll take to have them (and the now hundreds of gigabytes of arcane database back-end that they're connected to) re-written to something fit for the 21st century.

      It seems that the only way they're going to get changed is _after_ something terrible happens and we get sued for some truly horrific data leak. Everyone seems to acknowledge that it's a matter of "when" not "if" but it takes 5 years just to complete the consultation phase of a project to change something this size around here, and there's no sign that consultation will even start until the deadline for change is in the past.

    5. Electron Shepherd
      WTF?

      Re: Rockin' hard place.

      I'm struggling to understand the problem with just running the old application on the new server.

      Do these systems have some sort of hard-coded version check in them that prevents them running on a newer OS? One of the reasons for Microsoft's commercial success is their fanatical devotion to backwards compatibility - some of the things that go into Windows to make misbehaving applications work are incredible (see Raymond Chen's Old new Thing blog for some examples).

      A developer building a system in, say, 2005 would have to do some really odd things to make a system that didn't work the same way when run on Server 2008 or Server 2012. Is the application vendor simply saying "we don't support that OS, so any problems you're on your own", or does the software technically not work?

      1. Nick Ryan Silver badge

        Re: Rockin' hard place.

        Well written software should continue to work on a later OS; however, the other factor is how many specific OS, or OS locked application, dependencies there are in place.

        One of the more common application problems will be poorly written IIS applications or IIS applications that use features that have been deprecated or altered in a non-backwards compatible manner on later versions. I've found on a few occasions that it's just the damn installer that has the problem, the application itself runs fine on a new instance of IIS. IIS is a particular problem here because there is no separation between the IIS application and the OS - get a new OS, get a new version of IIS, there is no choice on this.

        A business problem is the challenge that in many cases the current servers continue to run fine, are reliable and haven't had a problem in the last 18 months... therefore why should they be changed now? Computers are tools and one shouldn't have to replace working tools.

        1. theOtherJT Silver badge

          Re: Rockin' hard place.

          "A business problem is the challenge that in many cases the current servers continue to run fine, are reliable and haven't had a problem in the last 18 months... therefore why should they be changed now? Computers are tools and one shouldn't have to replace working tools."

          The problem is that is only partially true. It's like expecting to use a Model T Ford as a long distance taxi on the motorway. Now a Taxi is a tool, and a Model T could be a taxi, so yes, it's possible and you could argue that it's doing everything you require of it vis-a-vis moving a small number of people from one place to another, but it would be seriously inconsiderate to everyone you're holding up and bloody dangerous to yourself and your passengers.

          The trouble we have here - and I imagine the same is true in most places - is that we have a layer of management who can't wrap their heads around the pace of change in IT. A 20 year old car probably isn't terribly different from a brand new one in most cases. A 40 year old car is still recognizable and does pretty much the same things (albeit slightly less well). Even a 60 year old car could be reasonably expected to more or less work in the ways we're still used to... There's still plenty of Austin TX4's still on the roads being taxis today, nearly 60 years after they were first designed.

          By the time you get back to the good old Model T with its weird controls, complete lack of safety equipment and hopeless top speed it's obvious that it's no longer fit for purpose - but we had to go back nearly 100 years for that. The idea that the same thing might happen in only the 12 years since Server 2003 was released just doesn't fit in some people's heads, and until something _does_ go badly wrong, they're not going to be able to accept that it can.

  3. Anonymous Coward
    Anonymous Coward

    And...

    One of our production systems is still running its own Server 2003DC, a couple of servers in a cluster and about 100 XP(embedded) Workstations.

    The application supplier has just released a version of their application that runs on Server 2008R2 and windows 7. Like another poster, they really didn't want to do the work to make the upgrade work on newer versions of windows Server.

    When we asked about Server 2012 and Windows 8/10 support they were talking about 1-2 years and $500K.

    As the plant won't be upgraded until 2024 (so that rules out a vendor change until then) at the earliest someone is going to have to bite the bullet and pay for at least one more round of upgrades. I am certain that we aren't alone in having to face this sort of issue.

  4. Anonymous Coward
    Anonymous Coward

    XP vs 2003

    "Another upgrade, just over a year after Windows XP?"

    2K3 patches do in fact apply cleanly and work on XP, so technically, XP is still supportable, albeit unofficially, for free until 2K3 support stops.

    1. Piro Silver badge

      Re: XP vs 2003

      Then it's still supported due to XP embedded updates.

  5. dogged

    Server systems are generally thought isolated from external attackers

    wat

    1. big_D Silver badge

      And all of those Exchange 2003 servers out there?

      "It is just email and it runs reliably, why would I want to upgrade?"

      I've seen some 2003 servers that have never had any updates applied to them, because they "just work". :-( Still, I suppose the good news is that the July 2014 cut-off won't make any difference to them.

    2. Halfmad

      They close the windows so external attackers cannot attack.

  6. 45RPM Silver badge

    We'll pay for custom support, if it's available, otherwise we'll just take our chances whilst we finish porting our code to Linux. The thinking is that there's no point updating and porting (because SQLServer has changed too much) to a newer version of Windows when we're planning to give Redmond the heave ho in the next twelve months.

    That's not my thinking by the way, I'm far too lowly to be privy to such negotiations, but I have to say that (for once) I kinda understand it - even though I've been pressing for an interim Windows upgrade.

    1. big_D Silver badge

      Just wait! I've seen current mission critical installations still running SuSE 8 from 2000!

      1. Anonymous Coward
        Anonymous Coward

        Just wait

        In 2010, I knew a production shop that was still happily running NT 3.51 server and all their unchanged apps. Needless to say, they hadn't upgraded anything in a LONG time.

    2. dogged

      > SQLServer has changed too much

      It's changed a lot but I guarantee that SQL Server 2000 has more in common with Sql Server 2014 than it does with PostgreSQL or MySql. For a start (in the latter case) it's not a glorified flat file.

      1. Anonymous Coward
        Anonymous Coward

        " I guarantee that SQL Server 2000 has more in common with Sql Server 2014 than it does with PostgreSQL or MySQL"

        Not to mention an order of magnitude fewer security holes in the last 14 years in Microsoft SQL too...

        1. dogged

          > Not to mention an order of magnitude fewer security holes in the last 14 years in Microsoft SQL too...

          That has nothing (or very little) to do with the actual software. MySql is free and given away like breakfast cereal toys with every damn webhosting package in the world. What that means is that it's configured by people who should not be allowed to operate an electric typewriter let alone set up a secure database and so what they set up was an unholy mess in about 80% of cases.

          The requirement to actually pay for SQL Server means you get less (not none, but considerably less) incompetents building 'net-facing systems.

          You know, you really need to stop trotting out MS's recent security record. It's not a competition, regardless of what any of Bob Vistakin's AC accounts claim. Everyone tries hard on security. Everyone is continually patching. Nobody is perfect.

          I dunno about you but I'm not a salesman so I don't really understand this urge to say one OS or manufacturer is somehow "better" than another.

          1. Anonymous Coward
            Pint

            I don't really understand this urge to say one OS or manufacturer is somehow "better" than another

            I think someone has hacked into dogged's account.

            1. dogged

              I think I would have noticed.

              In any case, I haven't said anything different from anything I say around here. At home, we have multiple OS's - herself's Apple stuff, the Hudl the boy plays games on, my debian servers, a Win8.1 dev box, a laptop currently running xubuntu....

              I don't proselytize or try to sell anyone anything. I just try to counter the undeserved slating that many products get, even when they're actually pretty good. There are OS-jihadists here. I am not one of them.

            2. dogged
              WTF?

              Wait.....

              how did that AC manage to post with a "pint" icon?

              1. big_D Silver badge
                Pint

                @dogged try reading Ender's Game, then you'll understand. ;-)

                1. John Gamble
                  Boffin

                  Or Not The Ender's Game Technique

                  Except I clicked on the name and it does appear to be a genuine AC, sending me to the "we allow anonymous posting" explanations, instead of a list of postings by AC+blank.

                  So the point about the pint still stands. Unless there's a bug in El Reg's name-tracking.

                  1. Giraffe67

                    Re: Or Not The Ender's Game Technique

                    Perhaps it's running on 2k3 ;P

          2. Anonymous Coward
            Anonymous Coward

            "Not to mention an order of magnitude fewer security holes in the last 14 years in Microsoft SQL too...That has nothing (or very little) to do with the actual software."

            It has everything to do with the actual software. SQL Server has had hardly any vulnerabilities in over a decade, Oracle has had hundreds and MySQL dozens.

            1. dogged

              Oracle's are mostly related to embedding Java in it, which I suspect was done as proof that even Oracle can be made more obnoxious, obtuse, unfriendly and expensive if you try really hard.

              Vulnerabilities affecting data in SQL Server tend not to be based on SQL Server because it outsources so much of its security layer to Windows and Active Directory (apart from the classic "sa - no password" thing which is thankfully becoming rarer).

              You're simply not comparing like with like.

              1. Tim99 Silver badge
                Coat

                @dogged

                ... related to embedding Java in it, which I suspect was done as proof that even Oracle can be made more obnoxious, obtuse, unfriendly and expensive if you try really hard.

                As someone who was writing stuff with Oracle databases since Oracle V4, I can assure you that it did not need Java to make Oracle more obnoxious, obtuse, unfriendly and expensive - They managed that perfectly well with C...

                1. dogged

                  Re: @dogged

                  Oh, I agree.

                  After nearly 20 years in this industry, the only thing I am certain will never change is that Oracle hates you.

                  However, for sheer evil, embedding Java sprocs was a masterstroke.

    3. Anonymous Coward
      Anonymous Coward

      @45RPM,

      We finished upgrading our last windows client just before Christmas. They had exactly the same thought as your people and have now given MS the big heave ho. There have not been any complaints from anyone there but they have had a few questions along the lines of 'why didn't we do this years ago'.

      1. 45RPM Silver badge

        @Ivan 4 “they have had a few questions along the lines of 'why didn't we do this years ago’."

        I’ve been in the Linux vanguard - pressing ahead with Linux when all others wanted to preserve the status quo. It seems to me that Linux has a lot of upside. But I’m not entirely comfortable about running on an old, and unsupported, version of Windows for up to 12 months while we finish porting the last few systems to Linux / mysql.

  7. joeldillon

    'Server systems are generally thought isolated from external attackers'

    Err...what? What does the author think servers are /for/, exactly?

    1. Doctor Syntax Silver badge

      Re: 'Server systems are generally thought isolated from external attackers'

      If you read the article it then goes on to call this an illusion and by implication an illusion held by those who also hold the purse strings.

    2. dogged

      Re: 'Server systems are generally thought isolated from external attackers'

      I got downvoted for asking this. Interesting.

  8. jason 7

    What I've found...

    ...in the realm of small business setups are quite a few that were sold over the top Server setups running 2003 for basic file sharing and backup duty, plus a nice monthly support fee.

    These are single core Dell boxes with a single 320GB HDD in them that have racked up thousands in costs over the past 10+ years.

    So I've been swapping them out for the small business level QNAP NAS boxes with double gigabit. Oh and at the same time I pulled the old 100Mb switch for a gigabit one. No more 200W noisy box in the corner, no more multiple DAT tapes for daily backup (same tapes from 2003 probably) and no more massive monthly support fee.

    1. xenny

      Re: What I've found...

      How are you replacing the off site backup the tapes allowed?

      1. jason 7

        Re: What I've found...

        Encrypted (if required) USB3.0 drive hooked into the back of the NAS and scheduled via the NAS to run a backup at lunchtime and then 10 mins before the person responsible for taking the drive home goes home.

        Far easier and faster than multiple tapes. Plug in and leave it for the day.

        All the PCs user data folders are backed up individually to the NAS in a staggered timing during the day also. These also go into the offsite backup.

    2. Anonymous Coward
      Anonymous Coward

      Re: What I've found...

      "So I've been swapping them out for the small business level QNAP NAS boxes with double gigabit"

      I have done similar, but with low end HP servers running Windows Server 2012 R2 Essentials. Similar total cost but far more functionality, and better support options.

      "Encrypted (if required) USB3.0 drive hooked into the back of the NAS and scheduled via the NAS to run a backup at lunchtime and then 10 mins before the person responsible for taking the drive home goes home."

      I just backup a snapshot several times a day to Azure. No humans required. Can't say I would want any random person plugging anything into servers I look after...

  9. bill 27
    Pint

    Cute graphic.

    Reminds me of the TV show Dead Like Me.

  10. PatriceBoivin

    win2k3, win2k8, win2k12

    Ironically often it's the "important" applications which "can't be touched" and which apparently never have resources to stay up-to-date. It is often easier to justify spending on new "exciting" (buzzword related) projects than to maintain existing infrastructure.

    1. theOtherJT Silver badge

      Re: win2k3, win2k8, win2k12

      God ain't that the truth. The number of times I've been told "We can't shut it down for an update, it's a core system!" and had to get them to give me that in writing because I'm not carrying the can for what happens if we get screwed after a CVE has been published and then we didn't respond to it.

  11. Christian Berger

    But surely...

    Microsoft will bring out a "Windows Server 2003 Version 2.0". They won't put their own interests in front of their partners. After all many of the companies running those systems are Silver, Gold or perhaps even Foam-Partners.

    Sure that Windows XP disaster was just a one off mistake Microsoft did. They surely have learned from this, and won't do this again, haven't they?

    Or could it be that Microsoft is just like any other publicly traded company which has to act in the interests of their stock holders?

  12. Medixstiff

    I don't see why M$ can't just push the end date back until after Server 10 is due in 2016, at least that way Business can make the decision to go Server 2012 or the new Server version, which would obviously have a longer shelf life than Server 2012.

    1. Anonymous Coward
      Anonymous Coward

      which would obviously have a longer shelf life than Server 2012.

      Why, when they can charge the same for something with a shorter life and make you upgrade sooner?

  13. This post has been deleted by its author

  14. ABCD1@

    Migration Tool for Windows Server 2003

    One third party tool for data migration is NEDAM. NEDAM (NEC Easy Data Migration Tool) is a file server data migration tool for Windows Servers. One of the main advantages is that users can continue to use the old server even during the migration process; migration of file servers is possible even if the OS version/edition is different on the old and new servers. In case users have several networks between the old and new servers, one of the networks can be specifically chosen for the migration purposes.
