Service Pack 1 (SP1) for Windows Server 2003 was released by Microsoft on April 6, and the many benefits of this upgrade are now being weighed against some minor and not-so-minor incompatibilities it introduces.
Containing significant security improvements, as well as nonsecurity updates, 2003 SP1 has several things going for it:
• The Security Configuration Wizard helps server administrators disable unneeded services and close ports that are invitations to hackers.
Subscribe to our Windows Secrets Newsletter - It's Free!
Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!
Subscribe and get our monthly bonuses - free!
Want to hack the new Start screen and tiles for your Win8 Device, the new Lock screen, the new tile-based apps, or the automatic notification information? Yes, you can do that. How about running other operating systems inside Windows 8, running Windows 8 on a Mac, or hacking SkyDrive and social media? We'll show you how to do that as well. Get this excerpt and other 5 bonuses if you subscribe now!
• An improved Windows Firewall now shuts off inbound Internet connectivity while setting up and during bootup and shutdown to provide additional protection against intrusions at vulnerable moments.
• VPN Quarantine allows you to deny access to PCs that connect to your servers via virtual private networks but are not up-to-date with security software you require.
We’ll print more insider tricks about these and other 2003 SP1 features in future newsletters as we uncover them. In the meantime, it’s important for you to know about some troublesome headaches you can run into if you don’t update some of your other software before installing SP1.
Update MS Exchange and ISA before installing SP1
The release of SP1, and the discovery of some known issues that it causes, led me to publish a rare "newsletter update" on Apr. 7. I usually send out one of these short alerts only when some breaking news can’t wait for the next full newsletter or when two newsletters will be more than two weeks apart. (Publishing twice a month, a 3-week gap between issues occurs every three months).
In the case of SP1, several points cried out for an alert:
• Up to 1,340 MB of disk space can be temporarily required to install SP1 if you’re using Microsoft’s CD-ROM install method (when MS releases a CD-based verison of the upgrade).
• Exchange Server can require configuration changes after SP1 is installed.
• Internet Security and Acceleration Server (ISA) 2000 and 2004 will have problems if these apps aren’t updated before you install SP1.
I won’t repeat all the gory detals here, since I’ve posted them at the Windows Secrets site. For more information, see the Apr. 7 newsletter update.
Don’t install 2003 SP1 on SBS 2003
The problem that affected probably the largest number of people involved the installation of Windows Server 2003 SP1 on Small Business Server 2003. This was a severe dificulty for some people, because Microsoft installed SP1 via Automatic Updates for at least a day to unsuspecting users of SBS 2003. The SBS product does include a version of Windows Server 2003, but the two operating systems are not the same.
More details of the incompatibilities between SBS 2003 and SP1 have come to light:
• The Remote Access Wizard in SBS 2003 won’t create a Connection Manager configuration package after SP1 is installed.
• The Change Server IP Address tool won’t work after adding SP1.
• SBS 2003′s Fax Service and Fax Configuration Wizard won’t work after the upgrade to SP1.
If you’ve been bitten by an untimely upgrade to SP1 on an SBS 2003 box, you can fortunately reverse any problems it’s caused by uninstalling the SP1 patch. To do this, simply open the Control Panel, run the Add/Remove Programs applet, select Windows Server 2003 Service Pack 1, then click Remove.
If the only problem you’ve exprienced on SBS 2003 with SP1 is the Fax Service problem, and for some reason you’re foolish enough not to remove SP1 immediately, you can cure the Fax Service by changing a value in the Registry.
For details on the Registry change, and for other information on why SP1 is bad news when installed on SBS 2003, see Microsoft’s known-issues paper on the subject.
SBS 2003 users will be far better off waiting for a separate Service Pack 1 for SBS. Microsoft indicates that this upgrade is expected to be released by June 3, 2005. It’s advertised to contain SB1-level upgrades for SharePoint Services, Exchange Server 2003, Outlook 2003, and (in the SBS 2003 premium edition) SQL Server 2000 SP4 and ISA 2004.
For information on the plans for SBS 2003 SP1, see Microsoft’s coming-soon page.
Apps run into tighter login requirements
Unfortunately, the above issues are not the only difficulties people are experiencing with 2003 SP1. New problems continue to be reported in dribs here and drabs there. Here are some examples:
• BizTalk Server 2004 SP1 displays error messages after 2003 SP1 is installed. This, interestingly enough, is due to the same kinds of security tightening that people first saw when SP2 for Windows XP was installed. The solution is also the same: changes to two lines in the Registry can prevent the conflict. For the fixes, see KB articles 839187 and 884623.
• SQL Server Reporting Services fails, saying "Key not valid in specified state." Two different workarounds for this have come out, both of which involve tweaks in the Registry. These are documented in two postings.
• Microsoft Virtual Server 2005 cannot connect to the Virtual Server administration Web site after SP1. This problem also affects many other applications and is caused by the same situation as when SP2 is installed to Windows XP. In all such cases, the operating system is requiring stronger authentication as a security measure. Workarounds are described in KB articles 891609 and 888749.
Windows Secrets contributing editor Susan Bradley has compiled other SP1 behaviors, and workarounds for them, in the paid version of this issue of the newsletter. This includes help on Dell servers and a link to a description of technical changes made by SP1. See her article below.
Many other "gotchas" are likely to surface as SP1 is more widely deployed. We’ll keep watching and reporting to you about these gremlins. To send us more information about SP1, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You’ll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.
Brian Livingston, editor of WindowsSecrets.com, is the coauthor Windows 2000 Secrets, Windows Me Secrets, and eight other books.