Article ID: 255008 - View products that this article applies to.
This article was previously published under Q255008
If you run the Chkdsk.exe tool with no command-line switches against a volume that uses the NTFS file system, Chkdsk.exe may report that problems were found and suggest that you run the Chkdsk command with the /f switch to fix the volume. For example, the following message is the result of the Chkdsk command:
If you then run chkdsk /f or chkntfs /c against the NTFS volume to schedule Autochk to run at boot time, or you run a manual interactive chkdsk.exe /f against an inactive NTFS volume, you may receive the following Chkdsk.exe message or event in the application log:
C:\>chkdsk c: The type of the file system is NTFS. Volume label is System. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... File verification completed. CHKDSK is verifying indexes (stage 2 of 3)... Index verification completed. CHKDSK is verifying security descriptors (stage 3 of 3)... Security descriptor verification completed. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these.
NOTE: Although the Chkdsk.exe tool with no command-line switches reported that problems existed, there was no indication that the NTFS volume only required minor cleanup. When you run chkdsk /f, Chkdsk.exe reports only unused index and security descriptor entries that were removed.
Event Type: Information Event Source: Winlogon Event ID: 1001 Computer: Computer_Name Description: Checking file system on C: The type of the file system is NTFS. Volume label is System. A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. Cleaning up 153 unused index entries from index $SII of file 0x9. Cleaning up 153 unused index entries from index $SDH of file 0x9. Cleaning up 153 unused security descriptors. Windows has made corrections to the file system.
This problem occurs because if Chkdsk is run against an NTFS volume, Chkdsk.exe may report that security descriptors are in the database that are no longer referenced by any file or folder and that it is removing them. However, Chkdsk.exe just reclaims the unused security descriptors as a housekeeping activity, and it does not actually fix any kind of problem.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910The English version of this fix should have the following file attributes or later:
(http://support.microsoft.com/kb/260910/EN-US/ )How to Obtain the Latest Windows 2000 Service Pack
Date Time Size File name ------------------------------------------ 01/25/2000 09:12p 558,864 Autochk.exe 01/25/2000 09:12p 26,384 Cnvfat.dll 01/25/2000 09:13p 77,072 Diskedit.exe 01/25/2000 09:12p 304,400 Untfs.dll
Microsoft has confirmed that this is a problem in Windows 2000. This problem was first corrected in Windows 2000 Service Pack 1.
Make sure that the problem you are seeing is not caused by the issue discussed in the following Microsoft Knowledge Base article:
327009Otherwise, the message listed in the "Symptoms" section in this article is an informational message and can be safely ignored.
(http://support.microsoft.com/kb/327009/EN-US/ )Chkdsk Finds Incorrect Security IDs After You Restore or Copy a Lot of Data
All NTFS volumes contain a security descriptor database. This database is populated with security identifiers that represent unique permission settings that are applied to files and folders. When files or folders have unique NTFS permissions applied, NTFS stores a unique security descriptor once on the volume, and it also stores a pointer to the security descriptor on any file or folder that references it.
If files or folders no longer use that unique security descriptor, NTFS does not remove the unique security descriptor from the database, but instead, keeps it cached. Like any caching strategy, you want to keep the cached information as long as possible because it may be used again.
To determine if more serious problems exist before scheduling or running Chkdsk.exe with the /f switch, run the chkntfs drive letter: command, where drive letter is the drive against which you want to run the chkdsk /f command. If this command reports that the "dirty bit" is set, there may be real damage that has to be fixed.
For additional information about using Chkdsk.exe in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/218461/EN-US/ )Description of Enhanced Chkdsk, Autochk, and Chkntfs Tools in Windows 2000
Article ID: 255008 - Last Review: February 20, 2007 - Revision: 3.3