The CHKDSK utility incorrectly identifies and deletes in-use security descriptors in Windows 2000
This article has been archived. It is offered "as is" and will no longer be updated.
For a Microsoft Windows Server 2003 or a Microsoft Windows XP version of this article, see 831374.
When you run the chkdsk command in fix mode, and you use the /F or the /R switch with this command, you may experience one of the following symptoms:
- Access control lists (ACLs) on some files may revert to their default values. This issue may occur if the volume contains more than 4,194,303 files, as in the following sample CHKDSK output:
Checking file system on J:The type of the file system is NTFS.Volume label is MYVOLUME.Cleaning up minor inconsistencies on the drive.Cleaning up 1496 unused index entries from index $SII of file 0x9.Cleaning up 1496 unused index entries from index $SDH of file 0x9.Cleaning up 1496 unused security descriptors.CHKDSK discovered free space marked as allocated in themaster file table (MFT) bitmap.Windows has made corrections to the file system. 1576209407 KB total disk space. 1514676116 KB in 4232266 files. 1523236 KB in 302192 indexes. 0 KB in bad sectors. 4671195 KB in use by the system. 65536 KB occupied by the log file. 55338860 KB available on disk. 4096 bytes in each allocation unit. 394052351 total allocation units on disk. 13834715 allocation units available on disk.
- Security descriptor information is removed from some files or folders.In the following example, the Chkdsk log file contains an error message that indicates that two security data stream entries cross page boundaries:
Checking file system on M: The type of the file system is NTFS. Volume label is MyVolume. A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. The security data stream entry at offset 0x1bfff0 with length 0x80010033 crosses the page boundary. The security data stream entry at offset 0x4bfff0 with length 0x80010033 crosses the page boundary. Repairing the security file record segment. Deleting an index entry with Id 4971 from index $SII of file 9. Deleting an index entry with Id 9614 from index $SII of file 9. Deleting an index entry with Id 9614 from index $SDH of file 9. Deleting an index entry with Id 4971 from index $SDH of file 9. Replacing invalid security id with default security id for file 97. Replacing invalid security id with default security id for file 1890. Replacing invalid security id with default security id for file 1991.
This issue may occur when one of the following conditions is true:
- The CHKDSK utility may not find references to all security IDs if the master file table is larger than 4 gigabytes (GB) or if there are more than 4,194,303 files on the volume. In this scenario, the undiscovered security descriptors are reset.
- The volume contains security descriptors that are logically correct but that do not conform exactly to the alignment convention for the NTFS file system security stream.
327009 Chkdsk finds incorrect Security IDs after you restore or copy a lot of data
We recommend that you immediately install the appropriate service pack or hotfix on any computer that is currently vulnerable to the loss of security descriptors.
We recommend that you inventory servers and workstations in your organization and then install preventive software on any computers that are at risk. We recommend that you apply any preventive fix to new computers before you deploy the new computers for test or production use. We recommend that you inform server administrators, helpdesk administrators, and support professionals that they should install preventive fixes before the following operations are executed:
- chkdsk /F
- chkdsk /R
Hotfix informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
PrerequisitesIf volume security descriptors were deleted because of this issue, you may have to reassign user permissions to files and to folders.
Restart requirementYou must restart your computer after you apply this hotfix.
Hotfix replacement informationThis hotfix does not replace any other hotfixes.
File informationThe English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ---------------------------------------------------------- 10-Dec-2003 05:17 5.0.2195.6881 579,856 Autochk.exe 10-Dec-2003 09:17 5.0.2195.6881 13,584 Chkdsk.exe 15-Nov-2001 15:27 5,149 Empty.cat 11-Mar-2004 17:59 5.0.2195.6824 17,680 Fmifs.dll 11-Mar-2004 17:59 5.0.2195.6881 67,344 Ifsutil.dll 05-Feb-2004 08:18 5.0.2195.6896 5,869,056 Sp3res.dll 08-Oct-2003 18:18 188.8.131.52 6,656 Spmsg.dll 08-Oct-2003 18:18 184.108.40.206 140,800 Spuninst.exe 11-Mar-2004 17:59 5.0.2195.6881 83,216 Ufat.dll 11-Mar-2004 17:59 5.0.2195.6881 261,392 Ulib.dll 11-Mar-2004 17:59 5.0.2195.6881 322,832 Untfs.dll
Hotfix installation informationAfter you apply this hotfix, you must also apply hotfix 873437. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
873437 The CHKDSK command incorrectly identifies certain security descriptors as not valid in Windows 2000
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
This hotfix is included in the list of recommended hotfixes to be proactively applied to Windows 2000 server clusters. For more information about this list, click the following article number to view the article in the Microsoft Knowledge Base:
895090 Recommended hotfixes for Windows 2000 Service Pack 4-based server clustersThis hotfix should be evaluated and applied proactively to all server clusters that are prone to be negatively affected by the problem that is described in this article.For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
824684 Description of the standard terminology that is used to describe Microsoft software updates
missing erased cleared autochk autocheck check disksecurity descriptors ACL deleted missing chkdsk
Article ID: 831375 - Last Review: 12/08/2015 05:17:36 - Revision: 7.5
Microsoft Windows 2000 Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Advanced Server
- kbnosurvey kbarchive kbautohotfix kbhotfixserver kbqfe kbbug kbfix kbqfe kbwin2000presp5fix KB831375