Microsoft Issues Hotfix for Windows Server 2003 Migration Problem
Microsoft issued a hotfix late last month for a log-in problem that has affected some organizations moving from Windows Server 2003 to Windows Server 2012 R2.
The hotfix, available here, addresses a problem that occurs because of an encryption protocol mismatch between the two servers. Windows Server 2012 R2 and Windows Server 2003 have domain controllers that use different Kerberos encryption standards. Those two standards -- AES and DES, respectively -- don't play well together, which can become apparent during server migrations.
Organizations with this problem typically find that their end users can't log into the system. They get an error messaging indicating "unknown username or bad password."
Microsoft gave notice that a hotfix was coming back in late July, although it only offered workaroundsat the time. This new hotfix for Windows Server 2012 R2 is only intended for organizations that have experienced this log-in problem and are "severely affected," according to Microsoft's support article. Applying the hotfix may entail system restarts to take effect.
Back in July, Microsoft had indicated that it had received "quite a few calls" about the problem. It's possible that the end of Windows Server 2003's product support lifecycle is prompting organizations to make the move from the near 10-year-old server.
Windows Server 2003 will fall out of "extended support" on July 14, 2015. After that date, the server operating system will be considered "unsupported" by Microsoft. No more security patches will arrive, leaving the server subject to attacks that won't get patched unless an organization has a "custom support" agreement set up with Microsoft.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.