Bill Meehan was getting ready for work when he got the emergency call from one of his staff members, informing him principal users had been blocked from his company's network for no apparent reason. Still at home, he remotely rebooted the server and the principal user was admitted to the system.
"I mistook this for a solution, until we realized other users were blocked and a large number of our users had standard access," said Meehan, CTO at Benemax, a midsized benefits management company based in Medfield, Mass.
But it wasn't.
By this time, Meehan had called in a consultant and both were poring over the same data. The consultant suggested offline folders could be the culprit. Following that assumption, Meehan took remedial steps with one user to solve this problem.
Nice try, but no.
Both attempts at finding the problem were not in vain, however. The effort unveiled the real culprit, something neither of them expected: insufficient licensing.
"We determined on the server that the client access licenses were either corrupt or had vanished," Meehan explained. "But when we attempted to restore the licenses with the wizard designed for this, we discovered the wizard was blocked by a Windows security update."
Microsoft's security precautions had blocked its own services.
Eventually (five hours later, to be exact), Meehan was successful in unlocking and securing the licenses, but half the company lost half a day's work.
"If you purchase licenses from Microsoft and you're in compliance and they shut you off in spite of this, your personal reaction is very negative," Meehan said. "If they then succeeded in disabling their own recovery software because of clumsy security features, your reaction goes from very negative to profoundly negative."
According to Paul DeGroot, an analyst at Directions on Microsoft in Kirkland, Wash., what happened to Meehan is rare. It would affect only those who use concurrent licensing, which allows only a certain number of users to connect to the system at any given time -- as do many midmarket organizations. Concurrent licensing is often a cost-effective option when a second server is unnecessary.
But managing these client access licenses (CALs) can be near impossible.
According to DeGroot, Microsoft tracks the number of CALs a company has, but a CAL is nothing; it doesn't exist on the server, it's not something installed -- it's merely a right. "With concurrent licenses, you tell Microsoft how many connections you're licensed for and then you pay for the CALs to make it legal. It's almost too simple of a system and isn't enforced in a technical fashion," DeGroot said.
Back in the 90s, DeGroot had a similar problem with concurrent licenses. While working in Web development for a newspaper chain, DeGroot purchased a pack of 20 CALs for the company's Windows server. Assuming that would be enough for the small staff, DeGroot was surprised when he ran out of licenses. "Come to find out, IT and others would look for a spare Windows server to put something on and this would decrement the number of licenses whenever they logged into the server," he said. "I ran out of licenses because people were using them and I didn't even know about it."
But don't waste your time pointing fingers at Microsoft, DeGroot said. Redmond expects users to keep track of CALs themselves.
"Microsoft is probably one of the largest companies in that world that doesn't have a single Microsoft software license," DeGroot said. "They don't feel customer pain because they aren't in there doing it themselves. Microsoft does far less than they could to help companies track their licenses."
But at the end of the day, "an event occurred that could have been prevented if someone was watching it," DeGroot said.
But could it have been? According to Meehan, the incident occurred in the middle of the night with no user sessions open. "All of our licenses were corrupted," he said. "This was not a case of Microsoft taking action because of too many users. We were in compliance. We were close to our CAL limit, but we had not gone over it."
Furthermore, the restoration wizard was disabled and undocumented. When Meehan went to check the processes leading him to that point, only a security update was noted. "It's activity like this which causes people to feel Microsoft acts arrogantly towards their users."
Especially with a company as compliant as Benemax. "[Microsoft] would have to look long and hard to find a more compliant company. We have no unlicensed software and we keep up with our CALs," Meehan said.
Unfortunately, he still has no conclusive word from Microsoft as to why this incident happened.
If a CIO isn't sure if he's in compliance regarding software licenses, there is generic software available to help track CALs -- but don't expect miracles. "The tools to do this aren't very good, in spite of the fact there are rules you have to assign to these licenses. But how can you? There are no tools, places to store them or license assignments," DeGroot said.
Because licensing can get complicated for smaller companies, midmarket CIOs are well-advised to find an outside source who can and will make sure limits and licensing aren't exceeded, DeGroot said.
"The path of least resistance is finding someone to help you monitor these systems and keep them humming," DeGroot said.
After his incident, Meehan toyed with the idea of moving to an open source operating system to avoid the licensing problem. But for him, Microsoft is easier at the moment -- even if that means dealing with frequent quirks and problems. Meehan said if he does decide to move on, he's comforted in knowing he wouldn't be alone and without options.
"I don't feel like I have no alternative, I just feel like my real alternatives to Microsoft as the basis of IT services are very limited. And I think the day they become less limited will be a good day for everyone."
Let us know what you think about the story; email: Kristen Caretta, Associate Editor