
Chkdsk (Autocheck) not running at boot


GSV Three Minds in a Can

Dec 17, 2006, 4:02:39 PM
I've googled for this, and it seems it has been seen before, but nobody
has solved it (someone fixed theirs by removing Norton security suite,
which I don't use).

The registry entry gets added OK, but it just stays there. Disk check is
never run, no sign of it at bootup, nothing in the logs (not even a
bleat about why not).

Common opinion seems to be that 'something' can grab hold of the
(system, in this case) volume before disk checking starts, and that
causes it to (silently?) abort 'until next time' (manana). But
what/where can things get loaded before even the 'bootexecute' key gets
run?

Yes, I can run it from the recovery console, but that's naff-all good if
the volume is dirty and the user doesn't know it. Expert MS(MVP) help
awaited (presumably someone must know what goes wrong, or at least where
to look)??

TIA
--
GSV Three Minds in a Can
7,053 Km walked. 1,267Km PROWs surveyed. 23.0% complete.

GSV Three Minds in a Can

Dec 18, 2006, 7:41:22 AM
Bitstring <YkHWLQAv...@from.is.invalid>, from the wonderful person
GSV Three Minds in a Can <G...@quik.clara.co.uk> said

--------- Additional info ---------

It still doesn't run if I use msconfig to ask for a diagnostic start
up.

If I boot into 'safe mode' (F8) it does run, right after the last driver
(mup.sys) loads, however there is no screen output from the check (I
know it runs because a) the disk light stays on for 5 minutes, and b)
the resulting check log gets copied for event log by winlogon). I
=thought= you got screen output from checkdisk/Autocheck, No??

If this is not the most appropriate forum, please feel free to point me
elsewhere ... and nope, I am not about to re-install the OS to see if
that fixes it. 8>.

Wesley Vogel

Dec 18, 2006, 2:35:31 PM
For a look at the chkdsk log.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Look in Application | Listed as Information |
Event ID: 1001
Source: Winlogon
[[Description: This includes file system type; drive letter or GUID, and
volume name or serial number to help determine what volume Chkdsk ran
against. Also included is whether Chkdsk ran because a user scheduled it or
because the dirty bit was set.]]

After you schedule chkdsk and reboot, if you get one of these messages:

Cannot lock volume for direct access
or
Cannot open volume for direct access

<quote>
This problem occurs because the Chkdsk.exe utility or the Autochk.exe
utility could not lock the partition. This problem can occur if another
utility or service, such as a virus checker program or a disk monitoring
program, locks the partition before you try to run the Chkdsk.exe utility or
the Autochk.exe utility.
<quote>

There are several things that can cause the problem.

Symantec AntiVirus Corporate Edition 9.0 can cause the problem.

Chkdsk.exe or ScanDisk fails to run on Windows XP or Windows 2003 after
installing Symantec AntiVirus Corporate Edition 9.0
http://service1.symantec.com/SUPPORT/ent-security.nsf/529c2f9adcf33a1088256e22005026f1/52d79c84c363973488256ea600542b5a

A program called Hitman Pro can cause the problem.

A really old version of ZoneAlarm (a version from 2004) can cause the
problem.

BitDefender Internet Security 9 can cause the problem.

[[Ok BitDefender live support told me yesterday that they are working on it
and sending people analyse tools but she didn't send me one.....]]
from...
Kr...@discussions.microsoft.com 21 May 2006

Spyware Doctor can also cause the problem.

The /x switch doesn't work if Spyware Doctor is installed. Spyware Doctor
needs to be uninstalled or you can do this...

Quoted from *PCTools*, *Spyware* *Doctor*...
1. Exit from Spyware Doctor (to exit from Spyware
Doctor please right click on the Spyware Doctor icon in
the notification area (next to the clock on the Windows
taskbar) and select Exit from the menu that appears)

2. Delete the file
ikhlayer.sys from %windir%\system32\drivers\
or
from c:\windows\system32\drivers\

3. Restart Spyware Doctor

Chkdsk, defrag and error-checking should now work.
-----

You can also try this.

To run chkdsk from a command prompt.

Start | Run | Type: cmd | Click OK |
In the command prompt, type:

chkdsk C: /x

Hit your Enter key.

The following error message appears:
Chkdsk cannot run because the volume is in use by another process. Would you
like to schedule this volume to be checked the next time the system
restarts? (Y/N)

Type Y, hit Enter and close the command prompt.

Reboot.

The /x switch: Use with NTFS only. Forces the volume to dismount first, if
necessary. All open handles to the drive are invalidated. /x also includes
the functionality of /f. The /F switch fixes errors on the disk.

Unable to run CHKDSK
http://support.microsoft.com/kb/555484

[[Message 1
Cannot lock volume for direct access
Message 2
Cannot open volume for direct access ]]
You receive an error message when you run the Autochk.exe utility on a
partition after you restart the computer or when you schedule the Chkdsk.exe
utility to run on a partition on a Windows 2000-based computer or a Windows
NT-based computer
http://support.microsoft.com/kb/160654

This can sometimes work.

Schedule chkdsk and reboot in Safe Mode.

The way to do that in this instance is to use the msconfig method.

Start | Run | Type: msconfig | Click OK |
BOOT.INI tab | Under Boot Options select: /SAFEBOOT

The /SAFEBOOT switch causes Windows to start in Safe Mode.

After making those boot.ini changes using msconfig, you need to click Apply
and Close.

Then click on: Restart.

See if chkdsk runs correctly.

Then before you shutdown or reboot again, open msconfig...

UNSelect: /SAFEBOOT under the boot.ini tab | Click Apply |
Under the General tab Select: Normal Startup - load all device drivers and
services | Click Apply and Close


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:4HAuzRBy...@from.is.invalid,
GSV Three Minds in a Can <G...@quik.clara.co.uk> hunted and pecked:

GSV Three Minds in a Can

Dec 18, 2006, 7:18:55 PM
Hi Wes, thanks for the input. That particular computer is powered off
right now, but I'll go look harder at the event log tomorrow. A cursory
ramble through before showed nothing obviously 'autochk related', which
is why I said 'no error message' (and the registry shows the check to
still be scheduled for next time)..

fwiw, this is only (afaict) happening on the system/boot partition/drive
(C:). Autocheck runs fine (but with no output to the screen for some
reason) if I boot in safemode (/safeboot, or use f8).

I do have 'automatic user logon' enabled, but presumably the diskcheck
ought run before the user logon happens.

The only virus scanner running is AVG, and Grisoft swear it isn't them,
but I guess I could disable it and see. However there are some other
cr&p services that may be an issue (cryptsvr springs to mind). Plus the
usual suspects from Creative Labs, ATI, NVidia, etc.

I will also try the /x switch, and try comparing a bootlog from safe
mode with the (economy size!) one from a normal (albeit 'diagnostic
mode, most stuff turned off') one. There is still a slew of extra stuff
in the latter (and autochk doesn't run in that case).

Thanks again ..
D.


Bitstring <OYc9putI...@TK2MSFTNGP06.phx.gbl>, from the wonderful
person Wesley Vogel <123WVo...@comcast.net> said

--

GSV Three Minds in a Can

Dec 19, 2006, 6:02:00 PM
Bitstring <OYc9putI...@TK2MSFTNGP06.phx.gbl>, from the wonderful
person Wesley Vogel <123WVo...@comcast.net> said

>For a look at the chkdsk log.

<big snip>

There is nothing in the event log from Winlogon when chkdsk has failed
to run. Not a complaint about 'can't lock volume', not anything at all.
8>.

From looking at a 'regmon' log of the boot process (huge!) I can see
that 'autochk.exe' did in fact go pull a few registry keys (there are
6-8 lines of activity in total) twice, in rapid succession (but I do
have 2 discs on the system), but that's all - no output. The
'bootexecute' line remains as it always was with /p \??\ C:, which I
guess means that it knows it didn't do it, try later.

The c:\ system volume is marked as dirty (I checked).

I'm mystified as to why I don't at least get a suitable message - I
could understand something getting access to the volume, but a message
would be nice.

On another (similar, but not identical) system, I asked for a chkdsk of
the boot/system volume, and it happened (with on screen output etc.) on
the second reboot .. not sure 'why not' on the first one. Again, when it
failed to run there was no 'winlogon' messages in the event log at all.

Wesley Vogel

Dec 20, 2006, 3:48:20 PM
> 'bootexecute' line remains as it always was with /p \??\ C:, which I
> guess means that it knows it didn't do it, try later.

This command
Chkdsk C: /F
adds this in the registry
Autocheck autochk /p \??\C:

Which schedules an unconditional Chkdsk against the volume C:
---------

Try this.

Open a command prompt...


Start | Run | Type: cmd | Click OK |

Type or paste the following line:

chkntfs /d

Hit the Enter key.

Chkntfs displays or modifies the checking of disk at boot time.

The /d switch restores the machine to the default behavior; all drives are
checked at boot time and chkdsk is run on those that are dirty.

Autochk.exe is a version of Chkdsk that runs only before Windows XP
starts. Autochk runs in the following situations:

Autochk runs if you try to run Chkdsk on the boot volume.
Autochk runs if Chkdsk cannot gain exclusive use of the volume.
Autochk runs if the volume is flagged as dirty.

-----

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Value Name: BootExecute
Data Type: REG_MULTI_SZ
Value Data: autocheck autochk /r \??\C:

chkdsk c: /f /r
adds the following entry to the BootExecute value:

autocheck autochk /r \??\C:

from...
CHKNTFS.EXE: What You Can Use It For
http://support.microsoft.com/kb/160963

So does running the Check Disk tool from Drive Properties.
Right click Drive | Properties | Tools tab | Check Now button |
Select both boxes in Check Disk Local Disk (C:)

<quote>
Registry value         Function
----------------------------------------------------------------------------
/P \??\Volume:         Schedules an unconditional Chkdsk against the volume.
/p \??\VOLUME{GUID}    Schedules an unconditional Chkdsk against a volume
                       mount point.
/k:Volume *            Excludes Chkdsk from running against the volume.
/m \??\Volume:         Tells Autochk to look only at the dirty bit on the
                       volume, and if set, run Chkdsk.

Sample command             Resulting registry entry
-------------------------------------------------------------------------
Chkdsk C: /F               Autocheck autochk /p \??\C:
Chkdsk C:\mountpoint /F    Autocheck autochk /p \??\VOLUME{GUID}
Chkntfs D: E: /X           Autocheck autochk /k:D /k:E *
Chkntfs G: /C              Autocheck autochk /m \??\G:
<quote>
from...
Description of Enhanced Chkdsk, Autochk, and Chkntfs Tools in Windows 2000
http://support.microsoft.com/kb/218461

<quote>
BootExecute Data Item
The BootExecute data item contains one or more commands that Session Manager
runs before it loads any services. The default value for this item is
Autochk.exe, which is the Windows NT version of Chkdsk.exe. The default
setting is shown in this example:

BootExecute : REG_MULTI_SZ : autocheck autochk*
<quote>
from...
Windows NT Workstation Resource Kit: What Happens When You Start Your
Computer
http://www.microsoft.com/technet/archive/ntwrkstn/reskit/booting.mspx?mfr=true

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:ZJVGgkDo...@from.is.invalid,
GSV Three Minds in a Can <G...@quik.clara.co.uk> hunted and pecked:

GSV Three Minds in a Can

Dec 20, 2006, 5:39:34 PM
Bitstring <eL3uogHJ...@TK2MSFTNGP06.phx.gbl>, from the wonderful
person Wesley Vogel <123WVo...@comcast.net> said
>> 'bootexecute' line remains as it always was with /p \??\ C:, which I
>> guess means that it knows it didn't do it, try later.
>
>This command
>Chkdsk C: /F
>adds this in the registry
>Autocheck autochk /p \??\C:
>
>Which schedules an unconditional Chkdsk against the volume C:

<huge snip>

Yes, the registry value is being set correctly, as described in all the
MS documentation, and your responses. CHKNTFS, CHKDSK, and FSUTIL all do
what you'd expect.

What DOESN'T happen is that, at boot time, autochecking doesn't happen
(although autochk.exe runs, since I can log it accessing the registry),
apparently no autochk.log file is created in c:\ (so Winlogon doesn't
copy it to the event logs), and the registry entry is not reset to the
"autocheck autochk *" state that it should revert to.

WHY, exactly, autochk peers into the registry, and then decides not to
do anything (including 'not to produce a .log file with an error message
in') I can't explain. Answers on a postcard ...

It doesn't seem to matter if I set /p to force a diskcheck, or just set
the dirty bit and rely on the automatic detection/scan - it doesn't
happen (unless I boot in safe mode, then it does). The dirty bit has
been set on that system for some days, and it's gone through 1 reboot
every 24 hours with no checkdisk run.

I guess I better go look at a logged boot and see if I can find anything
odd. There is various copy protection rubbish being loaded as drivers
(SVKP.sys, Safedisk (secdrv.sys), and cryptsvr) which I guess I can
disable.

8<,
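
An added example, not part of any post in this thread: a small Python parser for BootExecute value data that applies the switch table quoted above and reports volumes whose unconditional check is still queued, which is the "entry never resets" symptom described in the post above. The function names and the sample value data are constructed for illustration.

```python
import re

# Switch meanings as given in the KB 218461 table quoted in the thread;
# /r is what "chkdsk c: /f /r" leaves behind, per the same post.
SWITCHES = {
    "/p": "unconditional check",
    "/r": "unconditional check with bad-sector recovery",
    "/m": "check only if dirty bit set",
}
DEFAULT = "autocheck autochk *"  # the state the value should revert to


def parse_bootexecute(entries):
    """Turn BootExecute (REG_MULTI_SZ) strings into a list of action dicts."""
    actions = []
    for raw in entries:
        tokens = raw.split()
        if [t.lower() for t in tokens[:2]] != ["autocheck", "autochk"]:
            # Session Manager runs every line; anything else is not autochk.
            actions.append({"kind": "other", "raw": raw})
            continue
        args, i = tokens[2:], 0
        while i < len(args):
            tok = args[i]
            low = tok.lower()
            if low.startswith("/k:"):
                actions.append({"kind": "exclude", "volume": tok[3:].upper() + ":"})
            elif low in SWITCHES and i + 1 < len(args):
                i += 1  # the switch is followed by its \??\ volume argument
                vol = re.sub(r"^\\\?\?\\", "", args[i])
                actions.append({"kind": SWITCHES[low], "volume": vol})
            elif tok == "*":
                actions.append({"kind": "default dirty-bit scan", "volume": "*"})
            else:
                actions.append({"kind": "unrecognised", "raw": tok})
            i += 1
    return actions


def still_scheduled(entries):
    """Volumes whose unconditional check is still queued (value not reset)."""
    return sorted({a["volume"] for a in parse_bootexecute(entries)
                   if a["kind"].startswith("unconditional")})


# Constructed sample: value data as it would look after "chkdsk C: /f" was
# scheduled and autochk never cleared it, plus an exclusion line.
SAMPLE = [r"autocheck autochk /p \??\C:", r"autocheck autochk /k:D /k:E *"]

if __name__ == "__main__":
    for action in parse_bootexecute(SAMPLE):
        print(action)
    print("still scheduled:", still_scheduled(SAMPLE))
```

If a volume is still listed after a reboot and there is no Bootex.log or Winlogon event 1001 for it, the check was queued but did not run.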

Wesley Vogel

Dec 20, 2006, 9:52:54 PM
> apparently no autochk.log file is created in c:\ (so Winlogon doesn't
> copy it to the event logs),

No such thing as autochk.log, it's Bootex.log

[[When Autochk runs against a volume at boot time it records its output to a
file called Bootex.log in the root of the volume being checked. The Winlogon
service then moves the contents of each Bootex.log file to the Application
Event log.]]

Bootex.log is then deleted. The Application Event log is AppEvent.Evt and
is viewed in the Event Viewer, under Application.

Paste this into Start | Run, click OK and see if it opens...

C:\Bootex.log

Bootex.log can be accessed with recovery software such as Restoration.

This is free.

Restoration Version 2.5.14 Author: Brian Kato
http://www3.telus.net/mikebike/RESTORATION.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:H02RfQDm...@from.is.invalid,
GSV Three Minds in a Can <G...@quik.clara.co.uk> hunted and pecked:

GSV Three Minds in a Can

Dec 21, 2006, 12:38:44 PM
Bitstring <#3wVXsKJ...@TK2MSFTNGP03.phx.gbl>, from the wonderful
person Wesley Vogel <123WVo...@comcast.net> said
>> apparently no autochk.log file is created in c:\ (so Winlogon doesn't
>> copy it to the event logs),
>
>No such thing as autochk.log, it's Bootex.log

Yep, but whatever it is ('would be') called it is not being created, and
thus not being copied to the event log.

>[[When Autochk runs against a volume at boot time it records its output to a
>file called Bootex.log in the root of the volume being checked. The Winlogon
>service then moves the contents of each Bootex.log file to the Application
>Event log.]]
>
>Bootex.log is then deleted. The Application Event log is AppEvent.Evt and
>is viewed in the Event Viewer, under Application.
>
>Paste this into Start | Run, click OK and see if it opens...
>
>C:\Bootex.log

Nope, it ain't there. It =was= there, but only last time I booted in
safe mode. During a normal boot it is not being created.

GSV Three Minds in a Can

Dec 22, 2006, 1:14:24 PM
Resolution (if anyone cares)

I removed the Sonic 'DLA' (drive letter access) CD burning software, (a
whole bunch of drivers loaded from \system32\dla\*.sys) which I actually
no longer needed, and disabled the (dubiously misnamed!, and hidden)
'networkX' device (ckldrv.sys loader, part of the Cryptkey software
protection, aka PC destruction, package) and now, suddenly, disk
checking works right. I am not about to put them back to see which one
was the culprit.

Wesley Vogel

Dec 22, 2006, 5:41:07 PM
Should I add Sonic DLA to my list of programs that screw up chkdsk?

It's Roxio Drive Letter Access now.
http://www.roxio.com/enu/products/dla/overview.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:bN+GRSAA...@from.is.invalid,
GSV Three Minds in a Can <G...@quik.clara.co.uk> hunted and pecked:

GSV Three Minds in a Can

Dec 22, 2006, 6:54:08 PM
Bitstring <#Kfw8ohJ...@TK2MSFTNGP06.phx.gbl>, from the wonderful
person Wesley Vogel <123WVo...@comcast.net> said
>Should I add Sonic DLA to my list of programs that screw up chkdsk?
>
>It's Roxio Drive Letter Access now.
>http://www.roxio.com/enu/products/dla/overview.html

Well, I don't have the latest version (they want money for an upgrade,
and mine came free with an old/expensive external Sony DVD burner) and
it still might be the Cryptkey 'NetworkX' device, but I'd certainly flag
it as 'possibly dodgy'.

If I get really, really, bored over Xmas I might turn Cryptkey back on
and see whether autocheck stays working (I have a vague use for
Cryptkey, and I only disabled the devices in Device manager, whereas DLA
has actually been un-installed .. I'd have to go find the CDs to put
that back).

Of course if MS would just be a bit more careful about what
services/device drivers got loaded and started as 'system', before
Bootexecute items run, it wouldn't be a problem .. but hey, if they were
that careful, we wouldn't have rootkits, or similar good stuff ..

Wesley Vogel

Dec 22, 2006, 9:22:42 PM
> Of course if MS would just be a bit more careful about what
> services/device drivers got loaded and started as 'system', before
> Bootexecute items run, it wouldn't be a problem .. but hey, if they were
> that careful, we wouldn't have rootkits, or similar good stuff ..

The way I understand it, MS makes the OS as bulletproof as they can, however
3rd party software folks have plenty of opportunities to mess up. Look at
Symantec, for example, you cannot even uninstall their crap without special
programs to do the uninstalling they've infested the registry so badly.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:zI2cQ4Cg...@from.is.invalid,
GSV Three Minds in a Can <G...@quik.clara.co.uk> hunted and pecked:


> Bitstring <#Kfw8ohJ...@TK2MSFTNGP06.phx.gbl>, from the wonderful
> person Wesley Vogel <123WVo...@comcast.net> said
>> Should I add Sonic DLA to my list of programs that screw up chkdsk?
>>
>> It's Roxio Drive Letter Access now.
>> http://www.roxio.com/enu/products/dla/overview.html
>
> Well, I don't have the latest version (they want money for an upgrade,
> and mine came free with an old/expensive external Sony DVD burner) and
> it still might be the Cryptkey 'NetworkX' device, but I'd certainly flag
> it as 'possibly dodgy'.
>
> If I get really, really, bored over Xmas I might turn Cryptkey back on
> and see whether autocheck stays working (I have a vague use for
> Cryptkey, and I only disabled the devices in Device manager, whereas DLA
> has actually been un-installed .. I'd have to go find the CDs to put
> that back).
>
>
