Much like Windows XP reaching end-of-life this past April, the end is nigh for the server counterpart — Windows Server 2003 — which will conclude extended support on July 14, 2015. Unlike the end of support for Windows XP, the install base of Windows Server 2003 is lower as a total percentage of deployed systems, with an estimated 11 million systems running the now 11-year old OS, according to HP.
Inaction is not a solution
Custom support by Microsoft after the July 14, 2015 deadline is estimated to run at a relatively steep $200,000 per year, a cost too high for many organizations to simply throw money at the problem. It is unlikely that any extension to support of Windows Server 2003 will occur to give overworked IT departments more breathing room in their migration. Calls to extend support for Windows Server 2003, comparatively, are less urgent in contrast to the end of support for Windows XP, in which the Chinese government attempted to pressure Microsoft into continuing support for the aging OS.
Accordingly, organizations that store sensitive data and are obligated to use supported OSs per local or national laws, such as HIPAA in the US must migrate their servers toward a currently-supported OS. According to Steve Brennan, the Microsoft Business Development Manager at QA, the average migration for Windows Server takes 200 days. As such, there should be particular urgency in starting migrations from Windows Server 2003 now.
A bump in the road
Users attempting to migrate from Windows Server 2003 to Windows Server 2012 R2 are experiencing a rather difficult obstacle in their migration attempts. Microsoft has acknowledged a bug in which Kerberos authentication stops functioning in situations where Windows Server 2003 and Windows Server 2012 R2 domain controllers are serving the same domain, leaving administrators unable to log in. This, naturally, prevents operators from completing a migration away from Windows Server 2003.
According to Microsoft, the reason the bug occurs relates to the type of salting used for password encryption. The implementation of Kerberos in Windows Server depends on a salt from the key distribution center (KDC) to create keys on the client system. The differences in the encryption types used in the KDC on Windows Server 2003 (DES) and Windows Server 2012 R2 (AES) are mutually incompatible. As such, if the salt used to generate the keys is unsupported (as is the case here), the KDC cannot verify the password hash.
Microsoft has indicated that a hotfix for this issue is being developed, but no timeline has been provided as to when it will be released to the public.
Drawing your own roadmap
A migration of this scale requires a great deal of coordination and careful planning. Any migration, according to Microsoft, should consist of four steps: discovering the existing environment, assessing workloads, determining where those workloads can be moved to, and the actual migration of the workloads.
As technology and business software have advanced a great deal in the time since the introduction of Windows Server 2003, it is possible to do more with less hardware than before, and to offload some or all of a workload into the cloud — whether that is a private cloud on your own premises, a public cloud operated by a third party such as Google, Amazon, or Microsoft, or a hybrid cloud, which combines the strengths of both private and public cloud options.
Driving away from Redmond
When presented with the circumstance of a forced upgrade, the temptation to escape from the ecosystem you have been working in is a big consideration. Migrating from Exchange 2003 to Google Apps is a pleasantly straightforward process, as documented by TechRepublic’s Scott Matteson in this two–part series. Nonprofit organizations — which are more likely to be running on older hardware and software such as Windows Server 2003 — are eligible for free access to Google Apps, which can greatly reduce the cost of migrating away from Windows Server 2003.
What is your path forward?
How will the end of support for Windows Server 2003 affect your business? Have you already completed the upgrade process, or are you just getting started? Will you move some of your workload to the cloud? Let us know in the comments.
Disclaimer: TechRepublic and ZDNet are CBS Interactive properties.