problem running 'SamUpgradeTask.js' script - receive 'Unexpected Error" message

Posted on 2009-04-24
Last Modified: 2012-06-27
I have a new Server with Windows 2008 Server.  Installed all OS updates.  Joined a Windows 2003 domain and promoted to DC.  Attempting to install SEP and receive an error indicating that IIS Admin and W3SVC must be installed.  This is a known issue regarding the inability of ACL to resolve to a friendly name on 2008 servers promoted to DC in a 2003 domain, (  I followed the given link, (, copied the script and ran it and received the following error message:

C:\Users\Administrator.MYDOMAIN\Desktop>cscript samupgradetask.js
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Unexpected error attempting to put the well know GUID.
Error Code: -2147016657
Running upgrade task.
C:\Users\Administrator.MYDOMAIN\Desktop\samupgradetask.js(121, 1) (null): An operations error occured


Line 121 in the script  is 'serverObj.Setinfo()'.
I am unable to find any information related to Error Code: -2147016657

I have restarted the server and attempted SEP installation again to recieve the same message regarding IIS Admin & W3SVC so the issue still exist.  I have checked to verify that the WAS service is running as shown at the bottom of the TechNet article, and it says it is.

Any assistance or information on where to go from here greatly appreciated.
Thank You.


   (c) 2007, Microsoft Corp.



// Check the version of the operating system. Stop the script if the version is earlier than 6.

if ( ! CheckOSVersion() )


    WScript.Echo("ERROR: This script will only work on Longhorn Server or above.");




// Retrieve the local computer's rootDSE LDAP object.

var localRootDse = null;




    localRootDse = GetObject("LDAP://localhost/rootDSE");




    WScript.Echo("There was an error attempting to retrieve the localhost RootDSE object.");

    WScript.Echo("Perhaps this machine is not a Domain Controller on the network?");

    WScript.Echo("ErrorCode: " + e.number);




// Retrieve several rootDSE properties

var dnsHostName = localRootDse.Get("dnsHostName");

var dsServiceName = localRootDse.Get("dsServiceName");

var defaultNamingContext = localRootDse.Get("defaultNamingContext");


// Open the default naming context

var ncObj = GetObject("LDAP://" + defaultNamingContext);


// Get the "FSMO Role Owner"

var strfsmoNtdsa = ncObj.FsmoRoleOwner;

var fsmoNtdsaObj = GetObject("LDAP://" + strfsmoNtdsa);


// Get the parent object of "FSMO Role Owner"

var fsmoServerObj = GetObject(fsmoNtdsaObj.Parent);


// By using the Server Reference, retrieve the name of the PDC computer

var strFsmoComputer = fsmoServerObj.ServerReference;

var fsmoComputerObj = GetObject("LDAP://" + strFsmoComputer);

var pdcName = fsmoComputerObj.Get("name");


// Get the RootDSE object for the PDC

var pdcRootDse = GetObject("LDAP://" + pdcName + "/rootDSE");


// Check whether the PDC is a legacy domain or not.

var domainControllerFunctionality = pdcRootDse.Get("domainControllerFunctionality");


if ( domainControllerFunctionality > 2 )


    WScript.Echo("Domain is already operating in a mode higher than Windows Server 2003 mode. Stopping script execution.");




// Get the default naming context for the PDC

var pdcDefaultNamingContext = pdcRootDse.Get("defaultNamingContext");


// Retrieve the well known object from the PDC

var pdcSystem = GetObject("LDAP://" + pdcName + "/<WKGUID=AB1D30F3768811D1ADED00C04FD8D5CD," + pdcDefaultNamingContext + ">");


// Get the distinguished name for the well known object

var pdcDistinguishedName = pdcSystem.Get("distinguishedName");


// Check whether the task has already been run

var taskMarker = null;




    taskMarker = GetObject("LDAP://" + pdcName + "/<WKGUID=6ACDD74F3F314ae396F62BBE6B2DB961,CN=Server," + pdcDistinguishedName + ">");




    if ( e.number == -2147016656 ) // Check and see if error code is ERROR_DS_NO_SUCH_OBJECT


        taskMarker = null;




        WScript.Echo("Error attempting to retrieve well known object from PDC.");

        WScript.Echo("Name: " + + "\nDescription: " + e.description + "\nCode: " + e.number + "\nMessage: " + e.message);





// If the well known object exists, the SAM upgrade is already running. Therefore, stop the script.

if ( taskMarker != null )


    WScript.Echo("SAM upgrade task already being run. No work done.");




// Get the Server container with that distinguished name

var serverObj = GetObject("LDAP://" + pdcName + "/CN=Server," + pdcDistinguishedName);


// Prepare a safe array (for example, VBArray) with one entry

var jsArray = new Array(1);

jsArray[0] = "B:32:6ACDD74F3F314ae396F62BBE6B2DB961:"+ dsServiceName;

var vbArray = JS2VBArray(jsArray);




    // Append an entry to the "Other-Well-Known-Objects" attribute for the 

    // previous server object.

    serverObj.PutEx(3, "otherWellKnownObjects", vbArray);





    WScript.Echo("Unexpected error attempting to put the well known GUID.");

    WScript.Echo("ErrorCode: " + e.number);



WScript.Echo("Running upgrade task.");

// Set the "runSamUpgradeTasks" attribute in the local rootDSE

localRootDse.Put("runSamUpgradeTasks", 1);



// Remote the binary data from the previous well known object entry 

serverObj.PutEx(4, "otherWellKnownObjects", vbArray);



// The upgrade is complete.



function CheckOSVersion()


    var wbemFlagReturnImmediately = 0x10;

    var wbemFlagForwardOnly = 0x20;


    var objWMIService = GetObject("winmgmts:\\\\.\\root\\CIMV2");

    var colItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL",

                                      wbemFlagReturnImmediately | wbemFlagForwardOnly);


    var enumItems = new Enumerator(colItems);

    for (; !enumItems.atEnd(); enumItems.moveNext()) {

        var objItem = enumItems.item();

        var fullVersion = objItem.Version;

        var indexPoint = fullVersion.indexOf(".");


        if ( indexPoint == -1 )


            return false;



        var majorVersion = fullVersion.substring(0, indexPoint);


        return (majorVersion >= "6");



    return false;



function JS2VBArray( objJSArray )


    var dictionary = new ActiveXObject( "Scripting.Dictionary" );

    for ( var i = 0; i < objJSArray.length; i++ )


        dictionary.add( i, objJSArray[ i ] );



    return dictionary.Items();


Open in new window

Question by:L-H
    1 Comment

    Accepted Solution

    Well, I modified the script to display e.message and ran again, and the error didn't occur.  I have to guess it had to do with replication over the night as I didn't change anything.  So this question is no longer valid.  Even though I've still got the installation issue.  Cheers.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now