Microsoft KB Archive/327009

= Chkdsk Finds Incorrect Security IDs After You Restore or Copy a Lot of Data =

Article ID: 327009

Article Last Modified on 2/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Service Pack 3

-



This article was previously published under Q327009



SYMPTOMS
After you restore or copy a lot of data and the NTFS file system security information that is associated with that data, Chkdsk.exe may report errors on the partition. This problem may occur even if you restore or copy the data to a partition that you know to be error-free. Chkdsk may report errors that are similar to these:

CHKDSK is verifying security descriptors (stage 3 of 3)...

Repairing the security file record segment.

Deleting an index entry with Id 8447 from index $SII of file 9.

Deleting an index entry with Id 31126 from index $SII of file 9.

Deleting an index entry with Id 50636 from index $SII of file 9.

Deleting an index entry with Id 31126 from index $SDH of file 9.

Deleting an index entry with Id 50636 from index $SDH of file 9.

Deleting an index entry with Id 8447 from index $SDH of file 9.

Replacing invalid security id with default security id for file 1461234.

Security descriptor verification completed.

Windows found problems with the file system.

Note that the number of reported errors and the security IDs may vary. The index entry IDs and the file numbers may also vary.

If you then run the chkdsk /f command on the partition and you perform an audit of the applied permissions, some files and folders may have lost user-defined permissions. These permissions may have been replaced by default permissions that give access only to Local System and Administrators.

This problem may occur no matter which program you use to restore or copy the data. The problem has been reported after restoring data (with its security information) by using the Ntbackup.exe tool, and after copying data (with its security information) by using Xcopy.exe with the /o and /x switches.



CAUSE
The design of the NTFS file system requires that security descriptors be written in blocks, and that at least 20 bytes be left free at the end of each security descriptor block. This leaves space for a security descriptor header. However, in some cases, a miscalculation by the NTFS code might cause security descriptors to be written near the end of a block so that less than 20 bytes free space is left.

Chkdsk.exe then removes these security descriptors and replaces them with default security descriptors to make sure that a minimum of 20 bytes of free space remains at the end of the block. This causes a loss of user-defined security for some files and folders.



Service Pack Information
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Restart requirement
You must restart your computer after you apply this hotfix.

File information
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version        Size     File name -  Oct-03-2002  14:45  5.0.2195.6078  513,616  Ntfs.sys To resolve this problem, obtain and install the hotfix that this article describes, and then restart the computer. The version of Ntfs.sys that is included in this hotfix has been corrected to make sure that security descriptors are written correctly, and that the required free space is left at the end of each security descriptor block.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article. This problem was first corrected in Windows 2000 Service Pack 4.



MORE INFORMATION
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the following article number to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server product

Keywords: kbbug kbfix kbwin2000presp4fix kbqfe kboswin2000fix kbwin2ksp4fix kbhotfixserver KB327009

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.