Using Chkdsk for Hard Drive Repair and Integrity Verification
What is Chkdsk
CHKDSK (CheckDisk) is a Microsoft disk utility that verifies the integrity of your file system and the hard disk drive blocks. The default mode scans the file system for logical errors but it will not fix any of the problems it finds.
Every Microsoft operating system since DOS has contained a tool for repairing corrupted file or folder structures and checking for bad disk sectors. In DOS it was called Chkdsk, in Windows 9X/Me it was called Scandisk, and in Windows XP (and Vista ) we are back to the name Chkdsk.
What Chkdsk does and why it should be used
Chkdsk inspects the physical structure of a disk to make sure that it is healthy. It can repair problems related to bad sectors, lost clusters, cross-linked files, and directory errors. These types of problems can arise in a variety of ways. System crashes or freezes, power glitches, incorrectly turning off a computer can all cause corruption in the file or folder structure. Physically bumping or jarring a computer can cause the head that reads disks to hit the surface and damage sectors. Once some sort of error occurs it can propagate to create more errors so a regularly scheduled disk checkup is part of good system maintenance.
Chkdsk can also serve as an early warning that a hard drive is deteriorating. Disks gradually wear out and sectors may become bad. If Chkdsk starts finding bad sectors, that is a sign that a drive may need replacing. Unfortunately, many hard drive failures are sudden and cannot be foreseen, but nonetheless Chkdsk is an important line of defense.
How to run Chkdsk - Graphical interface
Chkdsk can be run as a command-line application or it can be run with a graphical user interface. Typical home PC users will probably use the latter so I will discuss it first. Chkdsk is not normally listed in the All Programs menu but is reached by the following steps:
- Open "My Computer" and right-click on the icon for the drive that is to be checked.
- In the context menu that opens, choose "Properties".
- Click the "Tools" tab at the top of the Properties window.
- In the "Error-checking" section, click the button "Check now".
- A box showing the options for running Chkdsk is then available as shown in the figure below.
Generally, the option "Automatically fix file system errors" should be chosen for routine checks. If serious disk problems are suspected, the option "Scan and attempt recovery of bad sectors" should also be checked. However, this may involve a period of many hours.
How to run Chkdsk - Command line
Chkdsk.exe is actually a command-line application and can be run from the command shell. There are a number of switches that can be used to modify its functions. The syntax of a command is
Chkdsk [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]]
Table I give a description of the various terms and switches in the command.
Switch | Description |
[volume] | Specifies the drive letter (followed by a colon), mount point, or volume name. |
[filename] | FAT/FAT32 only: Specifies the files to check for fragmentation. |
/F | Fixes errors on the disk. Does not scan for bad sectors. |
/V | On FAT/FAT32: Displays the full path and name of every file on the disk. On NTFS: Displays cleanup messages if any. |
/R | Locates bad sectors and recovers readable information (implies /F). |
/X | NTFS only. Forces the volume to dismount first if necessary. |
/I | NTFS only: Performs a less vigorous check of index entries. |
/C | NTFS only: Skips checking of cycles within the folder structure. |
/L[:size] | NTFS only: Changes the log file size to the specified number of kilobytes. |
(Windows Vista also has a switch /B for re-evaluating bad clusters on a volume.)
Although Chkdsk can be run with no switches, the most useful application is to use either the /F or /R switches. This corresponds to the two options in the graphical interface discussed above. Note that running with the /R option can be quite lengthy. If there are unusually large numbers of files, the /F option can also take many hours. The /R switch includes the functions of the /F switch.
Running after a reboot
Chkdsk cannot carry out repair functions if any of the files on a disk are locked or in use. So it generally requires a reboot to run a check on any active volume with files in use. Chkdsk then runs before the full system is loaded and files become locked.
If you turn off your computer incorrectly, you may find that Chkdsk will run when you reboot. This is a safety feature to make sure that no file or folder corruption occurred.
Understanding how Chkdsk works
Chkdsk tests both FAT and NTFS systems but NTFS is now the most common file system. Here is a brief description of what Chkdsk does when it runs on an NTFS system. Chkdsk's activity is divided into three major passes plus an optional fourth and fifth pass. During each pass a message and a progress report is displayed.
Phase 1: Checking files
During its first pass, Chkdsk examines each file record segment in the volume's master file table (MFT) and examines it for internal consistency. At the end of this phase, Chkdsk has identified the space that is in use and the space that is available, both within the MFT and on the volume as a whole.
Phase 2: Checking indexes (directories)
During this pass, Chkdsk examines each directory that is on the volume, checking for internal consistency and verifying that every file and directory that is represented by a file record segment in the MFT is referenced by at least one directory. Chkdsk confirms that every file or subdirectory that is referenced in a directory actually exists as a valid file record segment in the MFT and also checks for circular directory references. Finally, Chkdsk confirms that the time stamps and file size information for the files are up-to-date in the directory listings for those files.
Phase 3: Checking security descriptors
During this phase, Chkdsk examines each security descriptor that is associated with files or directories on the volume. Security descriptors contain information about ownership of a file or directory, about NTFS permissions for the file or directory, and about auditing for the file or directory.
Phases 4 and 5: Checking sectors (optional)
If the /R switch is in effect, Chkdsk runs two more passes to look for bad sectors. During stage 4, Chkdsk verifies all clusters in use; during stage 5, Chkdsk verifies unused clusters. Note that this process can be quite lengthy. taking many hours.
Caution
Interrupting the Chkdsk process when it is used with the /F or the /R switch is not recommended. The integrity of the disk can be compromised by stopping the process. Do not start a scan if a thunderstorm is expected and you are subject to power failures. I also strongly advise an uninterruptible power supply to guard against short-term power outages or fluctuations.
Running Chkdsk from the Recovery Console
Chkdsk is available from the Windows Recovery Console and can be a very valuable tool in dealing with a system that does not boot properly. Note that many systems have been rescued by the Recovery Console command chkdsk C: /R Switches for the Chkdsk command in the Recovery Console are not the same as those in Table I. There are only two:
- /P : Does an exhaustive check of the drive and corrects any errors. Does not check for bad sectors
- /R : Locates bad sectors and recovers readable information. Includes functions of /P
Autochk.exe
The chkdsk command requires the file Autochk.exe. If it cannot find it in the startup directory (\%systemroot%\System32, by default), it will attempt to locate it on the Windows Installation CD.
For Win 2000, XP, or Vista , autochk.exe is the chkdsk program that gets run at boot time specifically for the boot hard drive. If you try to run chkdsk on the boot drive, your job will be scheduled to run when Windows boots because chkdsk cannot work when any files on the disk are open.
The 'dirty bit' on the file system is used to trigger autochk.exe at startup. While Windows is running, you can check the status of the dirty bit by entering this fsutil command into the cmd window (start >> Run >> cmd.exe):
fsutil dirty query C:
If autochk runs at boot time but you did not schedule it to do so, then some file system error event must have set the dirty bit. This should be a one time event because Autochk will clear the dirty bit when it completes successfully.
If autochk continues to run every time you boot your computer then you likely have a hardware problem. You can verify the problem by running a hard drive manufacturer's diagnostics on the drive. If there is any indication of a hard drive problem, consider yourself lucky that you can still read your data, and run out to buy that bigger hard drive you've been looking at.
Repair using boot up disks
- Boot your computer from your Windows XP CD or from your 6-disk XP/2000 Boot Disk Set. To do this, insert your CD or Floppy #1 and turn your computer on. When the menu comes up, select boot from CD or boot from floppy (do not select boot from hard drive).
- Your computer will begin to boot. Eventually, you will see a screen asking you what you would like to do. Press the letter R on your keyboard to proceed to the Windows Recovery Console.
- As you progress to the Recovery Console you may be asked which partition you would like to boot into. Type the number associated with the partition containing your NTFS partition (usually 1 or 2) and then press enter to continue. You may be asked for your administrator password. If you have one, type it in and press enter. If you do not have a password to boot your computer into Windows, simply press enter.
- Now you should be at a command prompt. from here, type the following command without the quotes and press enter: "chkdsk /p"
- This is a short test that will tell you whether or not a longer test is needed. If after the test completes, the message "One or more errors detected on the volume" appears, then proceed to step 6. If no errors are reported, then your drive can not be repaired using chkdsk.
- Now you should be back at the command prompt. Type the following command without the quotes and press enter: "chkdsk /r"
- This test will take a while depending on the size of your drive. It will look for the errors on your drive and repair them. When it completes, you will be back at a command prompt.
- Now type "chkdsk /p" again and press enter. If no errors are reported, your drive has been successfully repaired and is safe to use again temporarily. If errors are still reported, then your drive is on its last leg. You may be able to boot it now though.
- Remove the floppy disk or CD from your system and restart the PC. Take a moment now to back up your important data.
Additional Syntax for Experienced Users
- /F Automatically Fix file system errors on the disk.
- /X Fix file system errors on the disk, (Win2003 and above)
dismounts the volume first, closing all open file handles. - /R Scan for and attempt Recovery of bad sectors.
- /V Display the full path and name of every file on the disk.
- /L:size NTFS only: change the log file size to the specified number of kilobytes. If size is not specified, displays the current log size and the drive type
(FAT or NTFS). - /C Skip directory corruption checks.
- /I Skip corruption checks that compare directory entries to the
file record segment (FRS) in the volume's master file table (MFT)
Sources and Additional Information
Posts
