The CHKDSK utility incorrectly identifies and deletes in-use security descriptors in Windows 2000

Article ID: 831375 - View products that this article applies to.
For a Microsoft Windows Server 2003 or a Microsoft Windows XP version of this article, see 831374
(http://support.microsoft.com/kb/831374/ )
.
Expand all | Collapse all

On This Page

SYMPTOMS

When you run the chkdsk command in fix mode, and you use the /F or the /R switch with this command, you may experience one of the following symptoms:
  • Access control lists (ACLs) on some files may revert to their default values. This issue may occur if the volume contains more than 4,194,303 files, as in the following sample CHKDSK output: 
    Checking file system on J:
The type of the file system is NTFS.
Volume label is MYVOLUME.

Cleaning up minor inconsistencies on the drive.
Cleaning up 1496 unused index entries from index $SII of file 0x9.
Cleaning up 1496 unused index entries from index $SDH of file 0x9.
Cleaning up 1496 unused security descriptors.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 1576209407 KB total disk space.
 1514676116 KB in 4232266 files.
    1523236 KB in 302192 indexes.
          0 KB in bad sectors.
    4671195 KB in use by the system.
      65536 KB occupied by the log file.
   55338860 KB available on disk.

 4096 bytes in each allocation unit.
 394052351 total allocation units on disk.
 13834715 allocation units available on disk.
  • Security descriptor information is removed from some files or folders. In the following example, the Chkdsk log file contains an error message that indicates that two security data stream entries cross page boundaries:
    Checking file system on M:
	The type of the file system is NTFS.
	Volume label is MyVolume.
	
	
	A disk check has been scheduled.
	Windows will now check the disk.                         
	Cleaning up minor inconsistencies on the drive.
	The security data stream entry at offset 0x1bfff0 with length 0x80010033
	crosses the page boundary.
	The security data stream entry at offset 0x4bfff0 with length 0x80010033
	crosses the page boundary.
	Repairing the security file record segment.
	Deleting an index entry with Id 4971 from index $SII of file 9.
	Deleting an index entry with Id 9614 from index $SII of file 9.
	Deleting an index entry with Id 9614 from index $SDH of file 9.
	Deleting an index entry with Id 4971 from index $SDH of file 9.
	Replacing invalid security id with default security id for file 97.
	Replacing invalid security id with default security id for file 1890.
	Replacing invalid security id with default security id for file 1991.
For more information about security descriptors, search for "security descriptors" in the Microsoft Windows 2000 Help and Support Center.
Back to the top | Give Feedback

CAUSE

This issue may occur when one of the following conditions is true:
  • The CHKDSK utility may not find references to all security IDs if the master file table is larger than 4 gigabytes (GB) or if there are more than 4,194,303 files on the volume. In this scenario, the undiscovered security descriptors are reset.
  • The volume contains security descriptors that are logically correct but that do not conform exactly to the alignment convention for the NTFS file system security stream.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
327009
(http://support.microsoft.com/kb/327009/ )
Chkdsk finds incorrect Security IDs after you restore or copy a lot of data
Back to the top | Give Feedback

RESOLUTION

We recommend that you immediately install the appropriate service pack or hotfix on any computer that is currently vulnerable to the loss of security descriptors.

We recommend that you inventory servers and workstations in your organization and then install preventive software on any computers that are at risk. We recommend that you apply any preventive fix to new computers before you deploy the new computers for test or production use. We recommend that you inform server administrators, helpdesk administrators, and support professionals that they should install preventive fixes before the following operations are executed:
  • chkdsk /F
  • chkdsk /R
  • autochk
Note IT operations guides should also install preventive fixes before these commands are executed.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
(http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

If volume security descriptors were deleted because of this issue, you may have to reassign user permissions to files and to folders.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version             Size  File name
   ----------------------------------------------------------
   10-Dec-2003  05:17  5.0.2195.6881    579,856  Autochk.exe
   10-Dec-2003  09:17  5.0.2195.6881     13,584  Chkdsk.exe
   15-Nov-2001  15:27                     5,149  Empty.cat
   11-Mar-2004  17:59  5.0.2195.6824     17,680  Fmifs.dll
   11-Mar-2004  17:59  5.0.2195.6881     67,344  Ifsutil.dll
   05-Feb-2004  08:18  5.0.2195.6896  5,869,056  Sp3res.dll
   08-Oct-2003  18:18  5.4.1.0            6,656  Spmsg.dll
   08-Oct-2003  18:18  5.4.1.0          140,800  Spuninst.exe
   11-Mar-2004  17:59  5.0.2195.6881     83,216  Ufat.dll
   11-Mar-2004  17:59  5.0.2195.6881    261,392  Ulib.dll
   11-Mar-2004  17:59  5.0.2195.6881    322,832  Untfs.dll

Hotfix installation information

After you apply this hotfix, you must also apply hotfix 873437. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
873437
(http://support.microsoft.com/kb/873437/ )
The CHKDSK command incorrectly identifies certain security descriptors as not valid in Windows 2000
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

This hotfix is included in the list of recommended hotfixes to be proactively applied to Windows 2000 server clusters. For more information about this list, click the following article number to view the article in the Microsoft Knowledge Base:
895090
(http://support.microsoft.com/kb/895090/ )
Recommended hotfixes for Windows 2000 Service Pack 4-based server clusters
This hotfix should be evaluated and applied proactively to all server clusters that are prone to be negatively affected by the problem that is described in this article. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
816915
(http://support.microsoft.com/kb/816915/ )
New file naming schema for Microsoft Windows software update packages
824684
(http://support.microsoft.com/kb/824684/ )
Description of the standard terminology that is used to describe Microsoft software updates
Back to the top | Give Feedback

Properties

Article ID: 831375 - Last Review: October 15, 2007 - Revision: 7.5
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbautohotfix kbhotfixserver kbqfe kbbug kbfix kbqfe kbwin2000presp5fix KB831375
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top