News Stay informed about the latest enterprise technology news and product updates.

IT pros eye Windows Server 2003 SP2 with caution

Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2, which arrived with little warning two weeks ago.

Windows shops were caught off guard when Microsoft released Windows Server 2003 Service Pack 2 two weeks ago. It arrived with little warning as IT administrators struggled to fix glitches related to the earlier-than-usual start to daylight-saving time (DST), on a day where they had been expecting a break from Patch Tuesday.

Information Security Pain Points

Most IT professionals have since gotten over what they considered bad timing and publicity on Microsoft's part. But despite a series of security and stability updates, they are going slow with their deployments, concerned the service pack won't play nicely with other parts of the network.

"We haven't bothered to test it yet and won't install it until after April 15," said Brian Joyce, IT director for Chattanooga, Tenn.-based accounting firm Joseph Decosimo and Co. He said it would be crazy for a CPA firm to make system changes unless absolutely necessary during tax season, and he has seen nothing in Windows Server 2003 SP2 that looks critical. "It would be way too risky and unnecessary, even if tested, to install it [now]."

Windows Server 2003 SP 2 is a cumulative service pack with such new features as the Scalable Networking Pack to help customers boost performance of Windows Server 2003 workloads like storage and backup. It also includes Wi-Fi Protected Access 2 to help users connect to Wi-Fi hotspots, and improved IPsec filter management.

Eric Case, a support systems analyst with the University of Arizona's Department of Chemical and Environmental Engineering, said in an email that regardless of the security fixes that come with the package, "service packs tend to break things." Therefore, he too will wait to deploy it.

Eric Nooden, information systems manager for Rockford, Ill.-based Rockford Gastroenterology Associates, said he typically takes a wait-and-see approach to such releases because he doesn't have much of a testing environment. "We'll wait for a month to see whose systems get nixed by the service pack," he said in an email exchange.

We'll wait for a month to see whose systems get nixed by the service pack.
Eric Nooden
Information Systems ManagerRockford Gastroenterology Associates

Most IT professionals understand that it's unwise to push service packs onto production servers right after they are released, said Edward Ziots, network engineer for a health organization in New England.

"It's not good change management, they haven't been tested and can definitely cause problems or interruptions to service," he said in an email exchange. Still, he said, some will boldly go where no IT administrator should have gone before and apply Windows Server 2003 SP2 without testing first. They will "learn to feel the pain in being the deployment guinea pig," he added.

Though two weeks have passed since its release, some IT pros are still angry that Microsoft released Windows Server 2003 SP2 without little warning so soon after DST kicked in, especially since the company had announced that it would skip its monthly security update this month.

"I'm still steamed that they did it on Patch Tuesday with no heads up," said Susan Bradley, network administrator for Fresno, Calif.-based Tamiyasu, Smith, Horn and Braun Accountancy Corp. She also pointed to a posting in the official blog for SBS support and product group communications acknowledging that there had already been reports of the service pack causing problems.

After installing Windows 2003 SP2 on SBS 2003 with ISA 2004 installed, the blog said, users may experience the following problems:

  • They can no longer successfully connect inbound using VPN (Clients get "Error 800: Unable to establish connection").
  • They cannot reliably connect to the Internet using SecureNAT.
  • Some Outlook clients will fail to connect to the Exchange server, even with ISA 2004 SP2 and KB930414 installed.

The blog outlines steps administrators can take to fix those problems.

In the final analysis, Bradley said, Microsoft should have launched a better public relations campaign to prepare people for the service pack. "To have no pre-release buzz about a service pack is stupid marketing," she said in an email exchange. "Yes, even service packs should have marketing."

Not everyone was bothered by the timing, however. In his opinion, Nooden said, this service pack release was "pretty benign" and that Microsoft shouldn't have called this a service pack "since it looks too small in its updates to really be counted as one."

Keith Gosselin, IT officer for Biddeford Savings Bank in Biddeford, Maine, said he hasn't done anything with the service pack yet because some of his software vendors have requested he hold off until they have had time to test it. But he believes some of that caution may be overblown.

"Software vendors … have kindly and in some cases not so kindly requested we not install the service pack until they have had time to test, which in plain English means they'll wait 90 days or so and then we will just install the service pack without them knowing and most everything will work," he said.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.