When Written: April 2015
The news that XP has come to the end of its supported life has probably not escaped anyone with even a passing interest in computers, and this process is not new; all versions of software reach this point at some time or another. The decision to upgrade is often taken for you when you buy a new laptop or workstation; however, when it comes to servers the situation is rather different. These black boxes often sit in a rack in a secluded machine room somewhere and are only visited in the event of a hardware failure. It is not uncommon for a working server to be largely untouched for ten or more years, excepting security updates to the Operating System of course. So now that Windows Server 2003 is about to come to the end of its supported life, it is important to think about how this might affect your organisation.
Server 2003 was a very successful and well liked operating system, and often there was little reason to upgrade to later versions, so there are probably many setups where this Operating System is still running on the original boxes, now some eighteen years old! Even if the Operating System was not coming to its end of life, it makes sense to consider changing the hardware before that starts to fail. Just because an Operating System reaches a point that the manufacturer decides is the end of its supported life, this does not mean that it will suddenly stop working, far from it. However, security patches will no longer appear, and of course there may well be an issue when you try to update the existing programs that are running on that particular box and find that the new version will not install.
So what would be the best way to upgrade the Operating System? Don’t even consider trying to do an upgrade over the top of the existing Server 2003. There are two main reasons for this. One is that you would first have to upgrade from 2003 to 2008 and then to 2012 R2. Even if this went smoothly, something which is not guaranteed, particularly on old hardware, the amount of down time involved would cause a lot of disruption to your organisation, and what will you do if, after the upgrade, you find that some legacy system will not work on the new Operating System? There have been many changes over the years and several technologies have been dropped along the way. The multitude of ways that a program could communicate with a data source have been rationalised, so if you have a program that talked to your database via a technology like RDO then after the upgrade you will find that nothing will work; you will need to rewrite the program to work with ADO.NET, although to be fair it is probably time you did this. The other area that might give you issues is the version of the XML parser that an app is using, as this has changed significantly as well. The other big changes are in the level of security that is set by default in the Operating System, and whilst you can switch a lot of it back on and open things up a bit, you need to ask yourself if you really should, and whether there is a better and more secure way of configuring your new server. It is a good time to tidy up those settings that perhaps are no longer needed. Because of problems like these I would suggest that you upgrade the hardware if it is as old as the operating system, although of course by now it may have been virtualised onto a newer box. But in either case it is much better to start with a clean install of 2012 R2 on a new machine and start configuring things from there.
Your second decision is which version of Server 2012 you should use. There are nine versions in all: Datacenter, Standard, Essentials and Foundation are the main four, but there are also two versions of the Storage Server, two versions of the Multipoint Server and a Hyper-V version. These last five are unlikely to be used to upgrade an existing box as they are very different animals, specialising in virtualisation, storage, or multiple user access. Although if you are currently using Server 2003 for any of these tasks, it might be worth sitting down and re-thinking your network structure, as the improvements are quite significant.
Going back to the more ‘normal’ versions of Server 2012 R2, which one should you choose? ‘Datacenter’ is the most expensive and is designed for large servers on which it is intended to virtualise more than a couple of machines. Unsurprisingly the price reflects this. ‘Standard’ will allow the virtualisation of a couple of machines and is probably the best version to go with as it is very flexible in its configuration: unlike 2012 ‘Essentials’, ‘Standard’ does not have to install as an Active Directory server. If you decide to join a 2012 server to your existing domain then the whole domain will have to be migrated to the new domain format, as the schema of the 2012 AD is different. This process is relatively painless, but you do need to give some thought to any issues there may be when you upgrade all the domain controllers on your network, and allow time for all the synchronisation to take place between the various domain servers. The other drawback with 2012 ‘Essentials’ is that it must be an AD server, and this will mean that the installation of a SQL Server database on the same machine is not recommended because of security and performance issues. The last version, which is the most limited, is 2012 ‘Foundation’. This is normally only available when bought with new hardware, as it is an OEM product, and is more suited to the small business with fewer than fifteen users; think of it like the old Small Business Server.
So you have bought your shiny copy of 2012 Standard, now what? You can either create a new domain or add it to your existing domain or, in the case of a webserver, not worry about domains at all. If you are adding it to your existing domain then the process is about as painless as Microsoft could make it. In fact the whole install process is one of the nicest I have used. Whilst you can run the usual AdPrep command lines as before, it has now been made a lot simpler and diving into the command box should not be necessary. There was one little gotcha in particular that did cause a lot of users some issues when upgrading; the effect of this bug was that users were unable to log into the domain at times. This was caused by Kerberos authentication failing between 2003 and 2012 R2 servers. Thankfully there is now a hotfix available for this and so it should no longer be an issue (http://support.microsoft.com/kb/2989971). Also bear in mind, if you are only used to 2003 or workstation installs, that gone are the days when almost everything was installed by default. You will now need to choose what roles you want your server to provide, and the installer holds your hand through this process with excellent descriptions of each task. Even after you have run the setup, you can go back to this screen to add further functionality whenever you like as you discover something not working, like, for instance, the SMTP service that no longer installs with the Web server. I suggest that you first install the major components that you require and then go back and add any other lesser ones, particularly if they might be dependent on being part of the domain. Take your time and examine each option’s dropdown list so you know exactly what you are installing.
If you also plan to run a SQL Server database on the same box then do not set it up as a domain controller, not even if it is a Read-Only Domain Controller. This configuration is not recommended by Microsoft for security and performance reasons (https://support.microsoft.com/en-us/kb/2032911?wa=wsignin1.0), so don’t do it!
One area that catches some out is that Server 2012 comes with its firewall switched on by default, and the temptation is to switch this off and rely on the firewall box that you have in your rack. Now whilst this is a perfectly reasonable thing to do, just stop and think for a while. The internet is a big bad place at times and any extra form of defence from it could be useful, so unless it gives you real issues, keep it enabled. Should you do this and you have SQL Server running on this box, then to access the SQL Server from another machine you will need to open port 1433 as well as enabling named pipes within SQL Server itself. Obviously you are only allowing access to this port from within your own network and possibly only from certain machines. The other thing, if you are configuring a webserver that uses classic ASP rather than ASP.NET, is to give the IUSR account read permissions to the root folder of your web. This is different to 2003, which just assumed you wanted to do this. Now obviously if you want to make things a little more difficult for any possible hackers you can change the account that the web server uses to one of your choice.
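The firewall and IUSR steps above can be scripted from an elevated PowerShell prompt on Server 2012 R2. This is an added example, not part of the original article; the subnet, web root path and rule name are assumptions to be replaced with your own values.

```powershell
# Added example: the three values below are hypothetical, adjust to your network.
$AppSubnet = '192.168.10.0/24'      # machines allowed to reach SQL Server
$WebRoot   = 'C:\inetpub\wwwroot'   # root folder of the classic ASP site
$RuleName  = 'SQL Server 1433 (app subnet only)'

# 1. Keep the built-in firewall enabled on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. Allow TCP 1433 inbound only from the chosen subnet, and only when the
#    server is on the Domain profile. Skip creation if the rule already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 1433 -RemoteAddress $AppSubnet -Profile Domain |
        Out-Null
}

# 3. List enabled inbound allow rules that open 1433 to any remote address,
#    which would undo the scoping above. Only rules naming port 1433
#    explicitly are matched; port ranges and program-only rules are not.
function Get-UnscopedSqlRule {
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            $port.Protocol -eq 'TCP' -and
            $port.LocalPort -contains '1433' -and
            $addr.RemoteAddress -contains 'Any'
        }
}
Get-UnscopedSqlRule | Select-Object DisplayName, Profile

# 4. Give IUSR read access to the web root, inherited by sub-folders (CI)
#    and files (OI), then print the resulting ACL for review.
icacls $WebRoot /grant 'IUSR:(OI)(CI)R'
icacls $WebRoot
```

Any rule that step 3 lists should be disabled or given its own RemoteAddress scope before the server goes live.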
As we have leapt several years of changes in technology with this upgrade, it is not surprising to find out that there are several technologies that have fallen (or been pushed!) by the wayside. If your company relies on some of these then you have three options. The first is to virtualise your existing server and leave it running, but this is only putting things off till the day when a solution will need to be found, although it can be useful if the technology in question is being replaced in a newer version of your software that is not online yet. The second option might be to add the necessary support files and install a particular obsolete technology onto the new server. This is not recommended, but might be a solution for a data transport layer, for example; this non-supported solution may give you issues later and should be avoided if at all possible. The third option is, of course, to upgrade your application so that it no longer uses this particular technology, and this is the best route.
JRO, the Microsoft Jet database engine, MSDA SQL, Oracle ODBC, RDS, SQLXML, ESQL/C, DAO, DB-Library, MDAC and .NET Remoting have all gone, as have Remote Storage services, support for the IPX/SPX protocol so favoured by Novell servers (remember those?), Services for Mac, NtBackup, Remote Installation Services, the Windows Recovery Console, the License Logging service and support for non-ACPI HALs. This is by no means an exhaustive list, as no such thing seems to exist, as we found out when we asked Microsoft. They do, however, have a list of technologies in Server 2008 that have been removed in 2012 and 2012 R2:
For Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 these changes are documented on TechNet:
As you can see, there have been a lot of them, and it is quite possible that a third party component or program will not work on the new operating system, so it is very important that you fully test your proposed new setup on at least a virtual machine to try and catch the issues before they bite back when you go live.
Article by: Mark Newton
Published in: Mark Newton