Sunday, June 1, 2008

Troubleshooting Disks and File Systems

CHKDSK

CHKDSK.exe is a command-line tool that verifies the logical integrity of a file system on a MS Windows OS volume. If file system structures become damaged, MS Windows OS automatically schedules CHKDSK to run the next time the computer is restarted. At any time, you can manually run CHKDSK at the command prompt or from Windows Explorer or My Computer.

The CHKDSK Process on NTFS Volumes

When you run CHKDSK on NTFS volumes, the CHKDSK process consists of three major stages, and optional fourth and fifth stages. CHKDSK displays its progress for each stage with the following messages:

CHKDSK is verifying files (stage 1 of 3)... File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)... Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)... Security descriptor verification completed
.

The following describes each of the CHKDSK stages.

Stage 1: CHKDSK verifies each file record segment in the master file table

During stage 1, CHKDSK examines each file record segment in the volume’s master file table (MFT). A specific file record segment in the MFT uniquely identifies every file and directory on an NTFS volume. The percent complete that CHKDSK displays during this phase is the percent of the MFT that has been verified.

Stage 2: CHKDSK checks the directories in the volume

During stage 2, CHKDSK examines each of the indexes (directories) on the volume for internal consistency and verifies that every file and directory represented by a file record segment in the MFT is referenced by at least one directory. CHKDSK also confirms that every file or subdirectory referenced in each directory actually exists as a valid file record segment in the MFT, and it checks for circular directory references. CHKDSK then confirms that the time stamps and the file size information associated with files are up to date in the directory listings for those files.

The percent complete that CHKDSK displays during this phase is the percent of the total number of files on the volume that are checked. For volumes with many thousands of files and folders, the time required to complete this stage can be significant.

Stage 3: CHKDSK verifies the security descriptors for each volume

During stage 3, CHKDSK examines each of the security descriptors associated with each file and directory on the volume by verifying that each security descriptor structure is well formed and internally consistent. The percent complete that CHKDSK displays during this phase is the percent of the number of files and directories on the volume that are checked.

Stages 4 and 5 (optional stages): CHKDSK reads every sector on the volume to confirm stability

CHKDSK performs stages 4 and 5 if you specify the /r parameter when you run CHKDSK. The /r parameter confirms that the sectors in each cluster are usable. Specifying the /r parameter is usually not necessary because NTFS identifies and remaps bad sectors during the course of normal operations, but use the /r parameter if you suspect the disk has bad sectors.

During stage 4, CHKDSK verifies all clusters in use; during stage 5, CHKDSK verifies unused clusters.

The percent complete that CHKDSK displays during stage 4 is based on the percent of used clusters that are checked. The percent complete that CHKDSK displays during stage 5 is the percent of unused clusters that are checked. Used clusters typically take longer to check than unused clusters, so stage 4 lasts longer than stage 5 on a volume with equal amounts of used and unused clusters. For a volume with mostly unused clusters, stage 5 takes longer than stage 4.1

During stages 1 and 3, the percent complete indicator advances relatively smoothly, although some unevenness might occur in the rate at which these phases progress. For example, file record segments that are not in use require less time to process than do those that are in use, and larger security descriptors take more time to process than do smaller ones. Overall, the percent complete is a fairly accurate representation of the actual time required for that phase.

The duration of stage 2 varies because the amount of time required to process a directory is closely tied to the number of files or subdirectories listed in that directory. Because of this dependency, the percent complete indicator might not advance smoothly during stage 2, though the indicator continues to advance even for large directories. Therefore, do not use the percent complete as a reliable representation of the actual time remaining for this phase.

If you use the /f or /r parameter on a large volume (for example, 70 GB) or on a volume with a very large number of files (in the millions), CHKDSK can take a long time to complete. The volume is not available during this time because CHKDSK does not relinquish control until it is done. If a volume is being checked during the startup process, the computer is not available until the CHKDSK process is complete.

CHKDSK does not include parameters that let you cancel the CHKDSK process; however, when you run CHKDSK you can specify parameters that shorten the process. For more information see complete article at Microsoft Technet.

To run CHKDSK from My Computer or Windows Explorer

1. In My Computer or Windows Explorer, right-click the volume you want to check, and then click Properties.

2. On the Tools tab, click Check Now.

3. Do one of the following:

• To run CHKDSK in read-only mode, click Start.

• To run CHKDSK by using the /f parameter, select the Automatically fix file system errors check box and then click Start.

• To run CHKDSK by using the /r parameter, select the Scan for and attempt recovery of bad sectors check box and then click Start. Because NTFS also identifies and remaps bad sectors during the course of normal operations, it is usually not necessary to use the /r parameter unless you suspect that a disk has bad sectors.