CHKDSK "Replacing invalid security id..."

Discussion in 'Windows 64 Bit' started by Andrew Tapp, Jan 8, 2008.

  1. Andrew Tapp

    Andrew Tapp Guest

    I've been running Windows Vista Ultimate (64-bit) on my DELL XPS M1710 laptop
    for at least 6 months with no issues. I regularly take backups (usually
    twice a week) using Norton Ghost 12 (2008) and the laptop is patched with ALL
    the latest software updates from both Microsoft and Symantec (Norton).

    Earlier today the backup that i normally take hung at 34% and the estimated
    time left continued to climb. Normally this backup would take about 90
    minutes. I cancelled the backup and thinking that there may be a file system
    error, scheduled a CHKDSK C: /f, and rebooted the computer.

    CHKDSK has started finding a number of issues including "Deleting an index
    entry with Id 261 from index $SII of file 9" and is now displaying thousands
    of "Replacing invalid security id with default security id for file xxxxx"
    messages. Probably one for each file on the hard drive.

    I have seen a number of problems with CHKDSK under Windows 2000 and Windows
    2003 server but not with Vista.

    http://support.microsoft.com/kb/873437
    http://support.microsoft.com/kb/327009
    http://support.microsoft.com/kb/913034

    CHKDSK has NOT completed yet and i will post back if i get any other issues
    when restarting Vista.

    Any comments would be appreciated.

    Many thanks.
     
    Andrew Tapp, Jan 8, 2008
    #1
    1. Advertisements

  2. Andrew Tapp

    Andrew Tapp Guest

    OK, it's just finished running CHKDSK and replaced the security id's for
    197,504 files, and rebooted. The screen is not displaying (i.e. black)
    however only the mouse is present, both in normal and safe modes.

    Will update further when i have some news.
     
    Andrew Tapp, Jan 8, 2008
    #2
    1. Advertisements

  3. First, it's a really bad idea to run chkdsk with the /f until you know what
    it's going to try to do. I say that only so that others reading will see it,
    since we're already past that point here.

    Second, I'm concerned about the presence of Norton on this machine. There's
    a good reason a lot of us here won't allow anything in a bright yellow box
    on our 64bit machines. But are you only using Ghost? Or also their A-V and
    other "security" products?

    Finally, since you have a good backup, hopefully, with the Ghost, I would
    strongly consider simpy re-imaging from the most recent ghosted backup prior
    to the problems. Yes, you might lose a few files you've worked on in the
    last few days, but the confidence that you're at least back to a known good
    state wouild be enough to make me want to do it. I'm not at all trusting
    that things will be "normal" or right after what has happened any other way.
     
    Charlie Russel - MVP, Jan 8, 2008
    #3
  4. Andrew Tapp

    Andrew Tapp Guest

    Charlie, many thanks for your reply.

    Update; As Paul stated none of the normal repair options e.g. repair from
    the install disk or any of the other repair options worked.

    I am running other Norton (Symantec) AV and Firewall products (all 2008
    versions), however i have NOT experienced any issues for the year or so i
    have been running Vista, until now.

    I develop software as a living, and am reasonably used to failures etc.,
    Vista 64-bit is certainly the most stable windows i have experienced so far.
    However i believe the issues i experienced yesterday are not connected with
    Norton, and that they are to do with the CHKDSK utility, as stated in the
    knowledge base articles (although not yet referenced to Vista).

    Having said that my solution was to restore from a previous backup (5 days
    ago), on to a spare hard drive which worked 100%. I then attempted to mount
    the old drive as an external USB hard drive, however Vista did not recognise
    the disk and no matter what i did with permissions i couldn't get Vista to
    recognise it. I eventually booted to a USB pendrive loaded with VistaPE and
    was able to access the old drive and copy a number of files i know have been
    change since the backup (using the command prompt). I was then able to
    overwrite these on to my restored system, and am now back up and working
    perfectly, as if nothing had gone wrong.

    My advise to anyone reading this is that things do go wrong, sometimes these
    can be quite easily fixed, however if something major does happen make sure
    you have implemented a backup policy.

    I hope this helps.
     
    Andrew Tapp, Jan 9, 2008
    #4
  5. I'm glad you're back up, and I agree about the importance of backups.

    I also am very leary about using chkdsk. Which is why I started this out
    with the comment about not using it with the /f option until you're sure
    what it's going to try to do.
     
    Charlie Russel - MVP, Jan 9, 2008
    #5
  6. Andrew Tapp

    R. C. White Guest

    Hi, Andrew.

    I hesitate to ask this to a guy with your qualifications, but...

    Did you use Disk Management to be sure the spare drive was recognized as a
    "foreign disk" and properly initialized in Vista? You probably did, but
    your post didn't mention DM.

    I haven't had this problem of adding an external USB hard drive, but several
    users have reported it here. There has not been much feedback, though, as
    to the eventual diagnosis and resolution of the problem. Many users are
    simply not familiar with the many uses of Disk Management, even though it
    has been a part of Windows since Win2K, and has been greatly improved in
    WinXP and again in Vista. Much of DM's help file is focused on dynamic
    disks and the GUI disk system, which few of us are involved with yet, so
    it's sometimes hard to dig out the nuggets that we mainstream users need,
    but the information is usually there - somewhere. (It's even harder for
    non-techies like me.) Search the Help file for "foreign", and be sure it is
    looking in Disk Management, not in the broader MMC.

    Please report back with what you learn. Other users (and we who try to help
    them) can benefit from it.

    RC
    --
    R. C. White, CPA
    San Marcos, TX

    Microsoft Windows MVP
    (Running Windows Live Mail 2008 in Vista Ultimate x64)
     
    R. C. White, Jan 9, 2008
    #6
  7. Good point, RC. I've seen the same thing with USB disks - you have to
    "introduce" them to Vista. ;)
     
    Charlie Russel - MVP, Jan 9, 2008
    #7
  8. Andrew Tapp

    dodexahedron Guest

    I have to agree that this is the same issue as reported in KB913034.
    I'm testing the theory by manually setting permissions back to how they
    are on a good install, though this may take some time unless the app I
    wrote to go through and replace permissions ends up working.
     
    dodexahedron, Mar 25, 2008
    #8
  9. Andrew Tapp

    Carlos Guest

    Hi,
    Do you hear "click"-like noises when trying to access the drive?
    Looks like a hardware (i.e.: RIP raptor) issue rather than a logical one.
    You might also try diagnostics tool downloadable from western digital web
    site.
    Carlos
     
    Carlos, Jul 18, 2009
    #9
  10. Andrew Tapp

    Carlos Guest

    Hi,
    The fact that the hard drive is correctly identified in BIOS means that it
    (BIOS) can communicate with the drive electronics.
    Al the mechanical injured disks I have ran into were properly "seen" by BIOS.
    Carlos
     
    Carlos, Jul 18, 2009
    #10
  11. Andrew Tapp

    Carlos Guest

    Carlos, Jul 19, 2009
    #11
  12. Andrew Tapp

    Guest

    Hi there, Hoping for a bit of help if possible

    I am an IT manager at a school in south africa. We currently get an outsidecompany to do our server support. On Wednesday our main file server just rebooted and ran though a basic check disk and when it came back up in windows non of the security was available. I contacted our server team and they said that they need to rebuild the filesystem (ntfs i think). i have been keeping an eye on this since it started on wednesday at 10h00 and it looks like chkdsk but it is saying "replacing invalid security IDs" for what lookslike every file on that drive. What is very worrying is that it is now sunday and it is still running and is now at about 629 000 files. As far as i know our server runs as a VM together with exchange VM on on server box butas far as i know we only have 1.5TB hard drive space in total on our fileserver. They have even stopped the exchange VM to speed things up, but that hasnt done much.

    I think they increase the disk space allocation from about 500GB to 1.5TB which might have been the cause of some of this, but i am now very worried that our fileserver will not be up and ready by start of day tomorrow.

    Can you give me some advice on this, are waiting for it to finish the best option for us or are there anything else we can try? What will happen if wecancel this? and do you have any ideas on how to see how many files it still need to run through?

    I am now hoping that someone on the internet will be able to help with someadvice as just watching this run doesnt seem like the best that we can do to get the server back up.

    Hoping to hear back from you soon,
    Hendrika
     
    , Apr 6, 2014
    #12
  13. Hi,

    I don't have personal experience of this situation, but the bad
    news is that even if the program finishes running, you may still
    be in trouble. If you type "replacing invalid security ID" into
    Google or another search service - including the quote marks
    before and after the words - then you'll see some stories
    about it.

    I think they're saying that one possible situation is that
    the computer has forgotten who is allowed to use each file
    on the disk, which may mean that no one is allowed.
    You may have to re-create a suitable security setting
    on each file.

    In the meantime, you can possibly run another command of
    "DIR C:\ /W /S" for the appropriate drive letter,
    which may run for several minutes itself but eventually
    will tell you how many files on the disk. My laptop has
    about 240,000 files for Windows and application software,
    but my data is in a separate partition.

    As a school IT administrator, you are aware of viruses, and
    there are some horrors out there that can deliberately interfere
    with file security, or encrypt files so that they are unreadable -
    and then invite you to pay a ransom to get the files back,
    to be paid in anonymous Bitcoins.

    I suppose they might let you off the hook because you're a school.
     
    Robert Carnegie, Apr 6, 2014
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.