Question : IIS7 WAS Error 5153 - Script Problem

Hello,

I am getting IIS7 WAS Error 5153 in the event log. This is a known problem when promoting an IIS7 server to a DC. You cannot resolve the built-in IIS accounts after you set a Windows Server 2008-based server that is running IIS 7.0 as a domain controller. (The accounts do not show up in Active Directory here on our site)
See - http://technet.microsoft.com/en-us/library/cc735184.aspx
This page references a provided script located at:
http://support.microsoft.com/?kbid=946139

Ok, so I copied the script right from the page and put it in a file called remapbuiltinaccounts.vbs.

When I run the script, it throws an error:
Line 1
Char 1
Exepected Statement
Code 800A0400
Source Microsoft VBSScript Complilation Error

I played with it a bit and it still fails, on every successive line, if I delete the comments.

Need help either to get the script to run or to get IUSR and IIS_USRS groups to show in active directory.

Ran the script and get this problem:

Code Snippet:

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:

           
           
             /*
   SamUpgradeTask.js
   (c) 2007, Microsoft Corp.
*/
 
// Check the version of the operating system. Stop the script if the version is earlier than 6.
if ( ! CheckOSVersion() )
{
    WScript.Echo("ERROR: This script will only work on Longhorn Server or above.");
    WScript.Quit(1);
}
 
// Retrieve the local computer's rootDSE LDAP object.
var localRootDse = null;
 
try
{
    localRootDse = GetObject("LDAP://localhost/rootDSE");
}
catch(e)
{
    WScript.Echo("There was an error attempting to retrieve the localhost RootDSE object.");
    WScript.Echo("Perhaps this machine is not a Domain Controller on the network?");
    WScript.Echo("ErrorCode: " + e.number);
    WScript.Quit(1);
}
 
// Retrieve several rootDSE properties
var dnsHostName = localRootDse.Get("dnsHostName");
var dsServiceName = localRootDse.Get("dsServiceName");
var defaultNamingContext = localRootDse.Get("defaultNamingContext");
 
// Open the default naming context
var ncObj = GetObject("LDAP://" + defaultNamingContext);
 
// Get the "FSMO Role Owner"
var strfsmoNtdsa = ncObj.FsmoRoleOwner;
var fsmoNtdsaObj = GetObject("LDAP://" + strfsmoNtdsa);
 
// Get the parent object of "FSMO Role Owner"
var fsmoServerObj = GetObject(fsmoNtdsaObj.Parent);
 
// By using the Server Reference, retrieve the name of the PDC computer
var strFsmoComputer = fsmoServerObj.ServerReference;
var fsmoComputerObj = GetObject("LDAP://" + strFsmoComputer);
var pdcName = fsmoComputerObj.Get("name");
 
// Get the RootDSE object for the PDC
var pdcRootDse = GetObject("LDAP://" + pdcName + "/rootDSE");
 
// Check whether the PDC is a legacy domain or not.
var domainControllerFunctionality = pdcRootDse.Get("domainControllerFunctionality");
 
if ( domainControllerFunctionality > 2 )
{
    WScript.Echo("Domain is already operating in a mode higher than Windows Server 2003 mode. Stopping script execution.");
    WScript.Quit(0);
}
 
// Get the default naming context for the PDC
var pdcDefaultNamingContext = pdcRootDse.Get("defaultNamingContext");
 
// Retrieve the well known object from the PDC
var pdcSystem = GetObject("LDAP://" + pdcName + "/");
 
// Get the distinguished name for the well known object
var pdcDistinguishedName = pdcSystem.Get("distinguishedName");
 
// Check whether the task has already been run
var taskMarker = null;
 
try
{
    taskMarker = GetObject("LDAP://" + pdcName + "/");
}
catch(e)
{
    if ( e.number == -2147016656 ) // Check and see if error code is ERROR_DS_NO_SUCH_OBJECT
    {
        taskMarker = null;
    }
    else
    {
        WScript.Echo("Error attempting to retrieve well known object from PDC.");
        WScript.Echo("Name: " + e.name + "\nDescription: " + e.description + "\nCode: " + e.number + "\nMessage: " + e.message);
        WScript.Quit(1);
    }
}
 
// If the well known object exists, the SAM upgrade is already running. Therefore, stop the script.
if ( taskMarker != null )
{
    WScript.Echo("SAM upgrade task already being run. No work done.");
    WScript.Quit(1);
}
 
// Get the Server container with that distinguished name
var serverObj = GetObject("LDAP://" + pdcName + "/CN=Server," + pdcDistinguishedName);
 
// Prepare a safe array (for example, VBArray) with one entry
var jsArray = new Array(1);
jsArray[0] = "B:32:6ACDD74F3F314ae396F62BBE6B2DB961:"+ dsServiceName;
var vbArray = JS2VBArray(jsArray);
 
try
{
    // Append an entry to the "Other-Well-Known-Objects" attribute for the 
    // previous server object.
    serverObj.PutEx(3, "otherWellKnownObjects", vbArray);
    serverObj.SetInfo();
}
catch(e)
{
    WScript.Echo("Unexpected error attempting to put the well known GUID.");
    WScript.Echo("ErrorCode: " + e.number);
}
 
WScript.Echo("Running upgrade task.");
// Set the "runSamUpgradeTasks" attribute in the local rootDSE
localRootDse.Put("runSamUpgradeTasks", 1);
localRootDse.SetInfo();
 
// Remote the binary data from the previous well known object entry 
serverObj.PutEx(4, "otherWellKnownObjects", vbArray);
serverObj.SetInfo();
 
// The upgrade is complete.
WScript.Echo("Done!");
 
function CheckOSVersion()
{
    var wbemFlagReturnImmediately = 0x10;
    var wbemFlagForwardOnly = 0x20;
 
    var objWMIService = GetObject("winmgmts:\\\\.\\root\\CIMV2");
    var colItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL",
                                      wbemFlagReturnImmediately | wbemFlagForwardOnly);
 
    var enumItems = new Enumerator(colItems);
    for (; !enumItems.atEnd(); enumItems.moveNext()) {
        var objItem = enumItems.item();
        var fullVersion = objItem.Version;
        var indexPoint = fullVersion.indexOf(".");
 
        if ( indexPoint == -1 )
        {
            return false;
        }
 
        var majorVersion = fullVersion.substring(0, indexPoint);
 
        return (majorVersion >= "6");
    }
 
    return false;
}
 
function JS2VBArray( objJSArray )
{
    var dictionary = new ActiveXObject( "Scripting.Dictionary" );
    for ( var i = 0; i < objJSArray.length; i++ )
    {
        dictionary.add( i, objJSArray[ i ] );
    }
 
    return dictionary.Items();
}

           
         

Open in New Window

Select All

Question : IIS7 WAS Error 5153 - Script Problem

Answer : IIS7 WAS Error 5153 - Script Problem

Hi, the code you've posted is actually a JS file, not a VBS file. Just change the file extension to JS and run it.

Regards,

Rob.

Question : IIS7 WAS Error 5153 - Script Problem

Answer : IIS7 WAS Error 5153 - Script Problem

Hi, the code you've posted is actually a JS file, not a VBS file. Just change the file extension to JS and run it.Regards,Rob.

Hi, the code you've posted is actually a JS file, not a VBS file. Just change the file extension to JS and run it.

Regards,

Rob.