[Novalug] SOT: Fixing NTFS file system with Linux

Ken Kauffman kkauffman@headfog.com
Sat Dec 8 00:45:45 EST 2007


Actually -- I did not lose any data because the offending directory I
implicitly remember being an artifact left over after cleaning it out. But
your point is noted.

Ken

On 12/7/07, Anthony Soucek <monkeywrenchit@gmail.com> wrote:
>
> A recent study by google showed that drives have an average of 8%
> chance of failure per year,  so even if you are clever enough to fix
> your corrupted file system (maybe) you still wound up deleting some
> offending directory(s) so data was lost.  I'm thinking a backup is a
> good thing.  Thanks for sharing your trick.
>
> On Dec 6, 2007 11:53 PM, Ken Kauffman <kkauffman@headfog.com> wrote:
> > Ah -- how did I deduce it "existed".   I could see the directory in the
> > directory listing, however, when I tried to change to it, remove it or
> > change permissions on it, I received errors.  This led me to be believe
> that
> > it was a file system table issue.  The windows utilities could not deal
> with
> > it in this odd state, but the Linux utilities allowed me to remove
> it.  I'm
> > assuming the Linux tools are move capable of dealing with this
> particular
> > invalid state.
> >
> > There's many valuable people on this list who help when they can.
> :)  Thanks
> > for the kudo shout though.
> >
> > Ken
> >
> >
> >
> > On 12/6/07, Jay Hart < jhart@kevla.org> wrote:
> > > Ken,
> > >
> > > Not busted my chops at all. I commend you for your excellent problem
> > solving
> > > skills.  You lost me on the "There is a directory that "exists"" which
> > since
> > > you don't tell us what it is, I was wondering how on earth you knew it
> was
> > > there, how you spotted it, and how you know it was your problem.
> > >
> > > Ken, once again you you prove your worth to this list.
> > >
> > > Jay
> > >
> > > > Smug little tekkies with their "where's your backup?" comments don't
> > address
> > > > cost effectiveness.  (grin)
> > > >
> > > > The reality is that I recovered it within one day (total time
> investment
> > of
> > > > about 5-6 hours).  I also know that unless it's a physical disk
> failure
> > and
> > > > unencrypted, I can recover it.  I may not know how long -- but I
> know I
> > can.
> > > >
> > > > I have had ZERO hard drive/controller physical failures in over 20
> years
> > of
> > > > dealing with my own computers.  That said, my mother had one drive
> fail
> > > > which I still was able to recover the majority of important data
> > (admitadly
> > > > that was partially lucky).  So -- my 'hoops vs. risk' ratio has
> always
> > > > worked in my favor.
> > > >
> > > > I attribute my high success rate with computers to my religious use
> of
> > UPS
> > > > units.  Not only do they keep the power supply stable, they also
> > condition
> > > > it and keep it clean.
> > > >
> > > > BOOYAH!
> > > >
> > > > Have a nice day ...
> > > >
> > > > (You smilin Jay?  You know I'm busting your chops with this right?)
> > > >
> > > > K
> > > >
> > > > On 12/6/07, Jay Hart < jhart@kevla.org> wrote:
> > > >>
> > > >> Ken,
> > > >>
> > > >> Had you had another backup source of your files, would you still
> have
> > had
> > > >> to
> > > >> jump through these hoops?
> > > >>
> > > >> Jay
> > > >>
> > > >> > Can I just say -- holy crap --
> > > >> >
> > > >> > I am merely sharing an experience here in case you run into the
> same
> > > >> issue
> > > >> > for those that have to play in the <sarcasm>WWoW[tm]  (Wonderful
> > World
> > > >> of
> > > >> > Windows)</sarcasm>
> > > >> > This is also not intended to trigger the non-constructive
> > contributors
> > > >> that
> > > >> > live in the realm of M$/Vista/Windows flame bashing either. ;)
> > > >> >
> > > >> > This is my take away from this scenario --
> > > >> > If your system seems to hang with NT Kernel at 50% (dual core) or
> > 100%
> > > >> > (single core), you might have a corrupt NTFS file system that
> Vista
> > can
> > > >> not
> > > >> > deal with.
> > > >> > I absolutely had to use XP and Linux to fix it.
> > > >> >
> > > >> > 1) I must use Windows because of my job - so let's get that out
> of
> > the
> > > >> way.
> > > >> > 2) I do run Linux for non work stuff.
> > > >> >
> > > >> > /// Actors
> > > >> > - One AMD dual core X2 4400+ desktop running Vista X64 Home
> Premium
> > > >> > - One laptop running dual boot Vista X64 Home Premium and Xubuntu
> > > >> > - External 250Gb My Book Basic
> > > >> > - OEM Vista x64 disc
> > > >> > - OEM Windows XP Pro disc
> > > >> >
> > > >> > /// Scenario
> > > >> > NTFS on the MyBook has been corrupted and chkdsk utilities will
> not
> > fix
> > > >> > it.   There is a directory that "exists" but every took I have
> tells
> > me
> > > >> it
> > > >> > does not.  Sounds like an entry in NTFS but no on disc.  I want
> to
> > clean
> > > >> up
> > > >> > the disc.  My entire music library is also on this external disc
> so I
> > > >> must
> > > >> > tread with caution.
> > > >> >
> > > >> > ---
> > > >> > /// Attempt #1
> > > >> > Run chkdsk in Vista.  Supposedly fixed the issues.  Did not
> actually.
> > > >> >
> > > >> > /// Attempt #2
> > > >> > Boot of XP OEM disc and try and remove directory.  Fail.
> > > >> >
> > > >> > /// Attempt #3
> > > >> > Boot laptop into Xubuntu, ensure that I am running ntfs-3g and
> > ntfsfix.
> > > >> > Also ensure that ntfsprogs is greater than 1.13.1-1 which
> supports
> > Vista
> > > >> > NTFS.
> > > >> > Mount drive using ntfs-3g.  Remove offending directory.  No
> problem.
> > > >> > Unmount drive.
> > > >> > Run ntfsfix on said drive.  (This triggers windows to do a chkdsk
> by
> > > >> marking
> > > >> > it dirty).
> > > >> > Plug the drive back into workstation running Vista.
> > > >> > The disc is recognized as shown by the "eject" icon however VISTA
> > HANGS
> > > >> HARD
> > > >> > with the kernel jumping to 50% saturation on one core.  Full
> system
> > > >> > instability ensues.
> > > >> > Disk manager hangs and becomes inaccessible, explorer crashes,
> can't
> > be
> > > >> > relaunches, all utilities are rendered useless while the kernel
> goes
> > > >> into
> > > >> > overdrive to do nothing but something (evidently).  I could
> launch
> > task
> > > >> > manager to show that it was the NT Kernel hanging.
> > > >> >
> > > >> > /// Attempt #4
> > > >> > Boot laptop into Vista
> > > >> > Plug drive in.
> > > >> > Drive kills Vista on laptop as well.  Same symptoms as in #2.
> > > >> > In case vista was trying to repair and was simply doing it poorly
> and
> > > >> > hanging, I let the laptop sit with the disc overnight for 8
> hours.
> > > >> > When I woke up, it will still uber-borked.
> > > >> >
> > > >> > /// Attempt #5
> > > >> > Boot laptop into Vista OEM disc recovery console with drive
> plugged
> > in
> > > >> (for
> > > >> > detection purposes)
> > > >> > RECOVERY CONSOLE dies hard with same CPU hanging symptoms
> > > >> >
> > > >> > /// Attempt #6
> > > >> > Boot laptop into XP Pro (OEM) CD recovery console with drive
> plugged
> > in
> > > >> (for
> > > >> > detection purposes)
> > > >> > No hanging.
> > > >> > Run chkdsk /p  (chkdsk /f does not exist for CD boot recovery)
> > > >> > XP detects errors and resolves them.  (This takes time because /p
> > also
> > > >> > implies block check)
> > > >> > Reboot back into console and run vanilla chkdsk just to double
> check.
> > > >> >
> > > >> > ----
> > > >> > Boot back into vista on desktop and the drive mounts just fine no
> > hangs,
> > > >> no
> > > >> > issues.
> > > >> > Boot into vista on laptop, drive mounts just fine no hangs, no
> > issues.
> > > >> >
> > > >> > \\\ Final solution for Vista "unfixable" NTFS file system
> structure
> > \\\
> > > >> > - use linux/ntfs-3g to remove offending directory(s)
> > > >> > - run ntfs-fix
> > > >> > - use XP to run chkdsk
> > > >> > - now drive will re-mount in fixed condition inside Vista
> > > >> >
> > > >> > Really an unacceptable solution given I have 3 operating systems
> > > >> involved,
> > > >> > but when you must fix this scenario this is what I found works.
> > > >> > This might be of interest to you forensic-istas as well.
> > > >> >
> > > >> > Ken
> > > >> > _______________________________________________
> > > >> > Novalug mailing list
> > > >> > Novalug@calypso.tux.org
> > > >> > http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >
> > >
> > >
> > >
> >
> >
> > _______________________________________________
> > Novalug mailing list
> > Novalug@calypso.tux.org
> > http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> >
> >
>
>
>
> --
> Anthony Soucek
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20071208/73200149/attachment.htm>


More information about the Novalug mailing list