Get off Windows Server 2003: what you need to know about EOL

There will be no more security updates soon…

Windows server 2003 migration

If you're still running Windows Server 2003 on any of your systems, it's time to take an urgent look at your options, because as of July 15, 2015, you're not going to be getting patches and security updates any more (unless you're paying for the extremely expensive direct support), and you'll no longer be able to get phone or online support. July 14 is the last Patch Tuesday that will cover Windows Server 2003 and Windows Server 2003 R2.

That means that if you process customer credit cards or fall under the PCI DSS regulations for any other payments, which say that you have to have the latest security patches installed, then you might end up getting fined, see your transaction fees go up, or even have your bank refuse to accept transactions.

Malware and other issues

As well as the threat of malware that takes advantage of faults found in Windows Server that Microsoft will no longer be patching, you may start running into issues with certificates. The less secure SHA1 algorithms and certificates are being deprecated (Chrome is dropping them particularly quickly) but Windows Server 2003 needed a hotfix to get certificates signed using SHA2 algorithms – and if any more issues show up, Microsoft won't be issuing hotfixes.

On the storage side, Windows Server 2003 only works with the very old, very slow SMB 1 protocol; the latest version is 3.1.1 and it's considerably faster. Not only will moving to a newer version of Windows Server mean that accessing file shares and other storage on your server will be much faster, Microsoft is also planning to ship future versions of Windows with SMB 1 disabled, which means at some point you'll have to reconfigure new PCs to connect to file shares on Windows Server 2003 at all.

Moving to a new version of Windows Server will get you a lot of new and improved features, from virtualisation with Hyper-V (if you're currently paying for VMWare tools, you can get many of the features free in recent versions of Windows Server), through Storage Spaces that let you build your own storage network with cheap disks in your server, to Direct Access that lets you replace VPNs with something much easier for users.

Security is much improved, plus Windows Server 2008 and later versions give you the option of running the minimal Server Core install; with a smaller footprint, there are fewer bugs – and fewer security patches to install, which means fewer restarts.

Third-party updates

You can expect to stop getting updates for any software you're running on your Windows Server 2003 system as well. Microsoft has already stopped supporting Exchange 2003, SharePoint Portal Server 2003, Project Server 2003 and Live Communication Server 2003 (SQL Server 2005 reaches end of support on April 12, 2016), but third-party vendors often stop making sure new releases run on out of date versions of Windows Server.

You'll find it hard to use Windows Server 2003 with Microsoft Azure as well; running Server 2003 in a virtual machine on Azure isn't supported, so you can't just virtualise your servers and run them in the cloud.

In fact, virtualising Windows Server 2003 systems doesn't help you very much – you can treat it as a last resort for dealing with applications you're not ready to replace that won't run on newer versions, but running a Windows Server 2003 VM on even the latest version of Windows Server doesn't get you any support. If you have to virtualise, put the server on a private network and set up a VPN so only specific machines get access to it, but remember that's only a temporary solution.