Windows Server 2003 SP1 Is Almost Ready, Are ISVs?

Windows Server 2003 SP1--now in Release Candidate 2 stage and set for release within weeks--is undergoing rigorous in-house testing at the Redmond, Wash., company. Yet some ISVs are running into application incompatibilities.

Although Microsoft has tested its own and the most popular third-party server applications, it cannot guarantee compatibility for all 10,000 server applications on the market, Microsoft executives said.

"We're happy with the application compatibility testing we've done and where we stand. We have done hundreds of applications and only had a handful of issues," said Samm DiStasio, a director in the Windows server management product group. "RC2 testing is going really well and there are no showstoppers we've seen. It's ready to go."

ScriptLogic, a Boca Raton, Fla., ISV that develops Windows server management products, ran into compatibility problems when initially testing one of the SP1 release candidates against its software. It has since fixed the device driver problem, but ScriptLogic executives advise other ISVs to start testing and have patches ready.

To aid in the rollout of the server update, Microsoft turned off the new Windows Firewall by default--and has reached out more to ISVs--to avoid the kinds of compatibility issues that delayed corporate deployment of Windows XP SP2, executives said.

Partners expect fewer hiccups in the field with the Windows Server 2003 SP1 deployment, since server applications are usually deployed by administrators and not end users. Solution providers had to fix many desktop crashes and application problems after their clients downloaded Windows XP SP2. Many of those problems stemmed from the new Windows Firewall being turned on by default.

While Microsoft's efforts should help reduce problems, changes made to remote procedure call and component object model permissions--implemented to make both the client and server operating systems more secure--cause concern.

"We are in a gray area as far as applications, [since this] has the potential to impact all third-party applications," said Brian Bartlett, a systems engineer for Ecora, a patch management ISV based in Portsmouth, N.H. "I sent out red flags to all my developers."

The new Security Configuration Wizard can secure Web servers or simple application servers. But if customers opt to use the wizard to close ports, it could affect custom-developed enterprise applications, Bartlett said.

Microsoft issued its own warning to ISVs. "Windows Server 2003 SP1 addresses known vulnerabilities to Windows Server 2003 by tightening the authorization needed for some services and disabling others altogether," according to microsoft.com. "In some cases, this may result in unexpected behavior from your applications."