Corrupt NTFS filesystem, can't get into the repair console.
November 23, 2010 7:24 PM   Subscribe

My parents computer isn't booting, and it's due to a corrupt ntfs filesystem. I'd like to run CHKDSK, but when I try to boot into the repair console, it requires an administrator password, which we don't have (second-hand computer). I can't use a password reset disk, because it won't recognize the disk (presumably due to the corrupt filesystem). Catch-22 - what now?

More complete description of the problem:

I can boot up using a linux live CD and see the partitions. Gparted tells me that the NTFS filesystem is corrupt, but as far as I know, there's no way to fix that from linux. (please correct me if I'm wrong)

What I'd like to do is boot off of their Windows CD, drop into a recovery console, and run CHKDSK to repair the corrupt filesystem. When I try to do so, it recognizes the windows partition and requires the administrator password to proceed. We don't have this, because the computer was bought secondhand, and (stupidly) I never thought to have them reset it.

My next thought was that it's possible to reset the Administrator password, using a utility like this (NT password editor). Unfortunately, that utility can't seem to find the windows partition at all (presumably because it's corrupt?)

So what's my next best step? Is there a better password reset utility that might work? Is there another way to bypass the Administrator login requirement to run CHKDSK? If I go buy an external hard drive enclosure and hook it up to another box via USB, will I be able to run CHKDSK and repair the filesystem?
posted by chrisamiller to Computers & Internet (17 answers total) 3 users marked this as a favorite
Response by poster: Sorry - I somehow forgot to mention that they're running Windows XP.
posted by chrisamiller at 7:27 PM on November 23, 2010

If you have access to a live windows operating system, and if you have access to a copy of the Windows XP CD (which sounds like you do), you can download BartPE and create a BartPE boot disk:

You will have access to chkdsk using this utility.

If you can't see your hard disk using this utility, you may have to change a BIOS setting to present the disk as IDE or comparability mode.
posted by Progenitor at 7:32 PM on November 23, 2010

If you have another desktop handy, you should be able to install the corrupt drive into it directly, boot off of that computer's (good) drive, and CHKDSK the corrupt disk.

Just leave the drive hanging out the side. It might be easiest to unplug the CD-ROM drive in the second computer, and use those cables to hook up the bad drive.

Weirdly, none of the usual "rescue" CDs seem to have CHKDSK included. Having an NTFS volume become corrupt enough to not boot is usually indicative of some other problem -- I personally can't remember ever actually encountering it happening in my travels.
posted by schmod at 7:32 PM on November 23, 2010

If possible, you might want to create an image of the whole hard drive before messing with it further.
posted by grouse at 7:37 PM on November 23, 2010 [1 favorite]

Best answer: The ultimate boot CD has an NT password reset tool that works like a charm. That would probably be the simplest.
posted by zug at 7:39 PM on November 23, 2010 [1 favorite]

Trinity Rescue Kit is a Linux Live CD that I've had success with in the past. It includes a simple tool to reset Windows passwords, and several methods to recover and transfer files. Good luck.
posted by dirm at 7:45 PM on November 23, 2010

Response by poster: Turns out that there was an Ultimate boot CD lying around, and while I had tried it, I couldn't find the password reset utility. After learning that it was definitely on there, I was able to dig around a little more and find it. It let me reset the Admin password, and I'm currently running CHKDSK.

Yeah, grouse, a disk image would be a good idea, but they've got recent backups and I don't want to spend all vacation hacking away down here (especially when there's pumpkin pie to be eaten!). Thanks for the solid advice, though.

Many thanks to all. I can't help feeling like this all would have been much simpler if I could convince them to use linux.
posted by chrisamiller at 8:02 PM on November 23, 2010

Oh, and once you're all done with this, please check your Hard Drive's SMART status. I have a sneaking suspicion that a hardware problem might be at the root of this issue.

For all the crap we give Microsoft, NTFS is a rather good filesystem. It's very very difficult to render a partition completely unbootable, unless you've somehow messed up your boot sector (in which case, you'll need to run 'fixboot' and 'fixmbr' from the recovery console).

And if you need any help, let us know. You seem comfortable with this stuff, so I'm not going to waste time with too many unnecessary details).
posted by schmod at 8:11 PM on November 23, 2010

Response by poster: I have a sneaking suspicion that a hardware problem might be at the root of this issue.

I know that just prior to the problem, they did a hard reboot by holding down the power button. I'm guessing that's the root of the problem, as opposed to a hardware issue. Solid advice, though.
posted by chrisamiller at 8:21 PM on November 23, 2010

When Linux declares an NTFS filesystem to be corrupt, sometimes all that means is that the PC has been crash-stopped and the FS hasn't been unmounted cleanly. Usually all that's required to regain access is clearing the NTFS journal; the last few filesystem operations will be lost, but the FS itself will not typically be damaged.

The Trinity Rescue Kit that dirm linked about has a "mountallfs" script for gaining access to all local disk filesystems. If you invoke it with "mountallfs -g", it will use ntfs-3g to mount all detected NTFS partitions. Any that haven't been cleanly unmounted will cause complaints that tell you so, and ask you whether you'd like to override the usual checks and mount them anyway; and usually this works just fine.

On the other hand, simply crash-stopping a Windows box doesn't usually render it completely unbootable (unless it was in the middle of applying Windows updates at the time; that sometimes does Bad Things). So you're doing the right thing by using CHKDSK from the recovery console.

Incidentally, the fact that your password reset utility was able to do its job says to me that it did actually manage to mount the FS (otherwise it would not have been able to get access to the SAM registry file where all the passwords are kept). So I don't expect you'll find enormous amounts of FS damage.

If the problem was in fact caused by crash-stopping a Windows update (especially a drivers update!), you might get some joy from pounding F8 at startup and then telling Windows to use its Last Known Good Configuration. If that doesn't work, your best bet is probably going to be using the Setup CD to run a repair install.
posted by flabdablet at 1:38 AM on November 24, 2010

I forgot the command BUT you can repair the file system with fdisk i think it is on the windows recovery console on the windows cd.

I might have the command wrong But it can be done in recovery.

Also does a blue screen happen when the computer boots up. Like schmod states people bash windows but the error messages in windows tell yopu a lot and a blue screen is very helpfull.
posted by majortom1981 at 3:53 AM on November 24, 2010

This tutorial is great. I recommend it often. "Repairing Windows XP in Eight Commands"
posted by TomMelee at 7:49 AM on November 24, 2010

My parents always save their computer problems for when I visit too!
posted by Sully at 5:21 PM on November 24, 2010

Response by poster: I was able to boot into the recovery console and run CHKDSK /R, which didn't seem to solve the problem. I also ran through various other potential fixes. I used FIXMBR, and rebuilt the boot config, but still get no joy.

After the bios screen, I get a boot selection screen, that asks me to select the appropriate operating system (including the one that I just added with "bootcfg /rebuild"). I select the OS, and at that point, I just drop to a completely blank (black) screen.

As mentioned above, the disk clearly isn't completely hosed, since I was able to reset the password and run some utilities like chkdsk. Am I right in thinking that some crucial OS files were hosed, and that my best bet is to do a reinstall of windows?
posted by chrisamiller at 10:42 AM on November 25, 2010

Best answer: Try a repair install before going the nuke and pave. If it works, all your existing apps will remain properly installed afterward and you shouldn't lose any user data; but back it all up first to an external drive before you start, just in case.
posted by flabdablet at 10:46 AM on November 25, 2010

I don't want to spend all vacation hacking away down here

Windows is gonna find ways to make you do just that. You know that, right? This vacation is burnt. So you might as well go the whole hog, and set them up to dual-boot. That way, the next time they drive Windows into the weeds, they can either wait (for a long time - you're a busy man) for you to come fix it, or they can start it up in Linux "just until you can come by and fix Windows for us" which by the time you get round to it will probably no longer be necessary.

Just sayin'.
posted by flabdablet at 10:55 AM on November 25, 2010

Response by poster: Thanks guys. I whipped the computer into a more-or-less functional shape before I had to catch my flight.
posted by chrisamiller at 10:46 AM on November 29, 2010

« Older How is spyware formed? How computor get varus?   |   Yeshiva University Newer »
This thread is closed to new comments.