# Server 2003: Event ID 55 The File system structure is corrupt...



## Eclipse2003 (Apr 22, 2005)

We have a server running Windows Server 2003 R2 Standard SP2. Our server seems to be operating fine but under the event log, at random points throughout the day we get several Event ID 55 Source Ntfs Category Disc. The file system structure on the disk is corrupt and unusable. Please run chkdsk utility on the volume \Device\HarddiskVolume1 or sometimes it'll be volume C:. This error first appeared Monday morning when an employee did a hard reboot of the server (holding the power button down) because our desktops were locking up in terminal services. 

We have 2 - 160 GB hard drives in Raid 1. We have run a consistency check with the Intel Web Raid Console 2 and it says in the log "Consistency check done with corrections on VD 0. (corrections = 33). However, we are still getting this error. 

The RAID controller is listed as Intel Embedded Server RAID technology II. 

We were going to run chkdsk but it seems like everywhere we read it says to never run that on a RAID environment. 

Another thing that may be related to this is that when we go into device manager via System -> Hardware we get an error of mmc.exe is not a valid win 32 application but we can get into it by going to run and typing in devmgmt.msc.

Also, this server runs terminal services licensing but the server is not listed under the terminal services licensing and I try to go to connect but it says it cannot find the server. However, terminal services is still working and when we go into terminal services manager and configuration everything seems OK.

We've done virus scans so that can be ruled out. 

Any idea what may be happening and how to fix this?


----------



## Eclipse2003 (Apr 22, 2005)

Update: In the event log, right before I get the Event ID 55 I get the following log:

Application popup: Rtvscan.exe - Corrupt File : The file or directory C:\Documents and Settings\Allusers\Application Data\Microsoft\Crypto\RSA\S-1-5-18 is corrupt and unreadable. Please run the Chkdsk utility.

or 

Application popup: Rtvscan.exe - Corrupt File : The file or directory \WINDOWS\ntfrs\jet\temp\tmp.edb is corrupt and unreadable. Please run the Chkdsk utility. 

or 

Application popup: Rtvscan.exe - Corrupt File : The file or directory \WINDOWS\system32\LServer\tmp.edb is corrupt and unreadable. Please run the Chkdsk utility. 

or 

Application popup: Rtvscan.exe - Corrupt File : The file or directory C:\WINDOWS\Temp\pdk-SYSTEM-2468 is corrupt and unreadable. Please run the Chkdsk utility. 

Everything looks like temp folders except the first one. Is there a way to just fix these folder? What is this folder used for? Is this even something I should be worried about?

Another update. Each of those files/folders (except the pdk-SYSTEM-2468) was last modified on 6/10/2011 at 4:15 PM. At 4:14:06 PM that day there is an event log of "Previous system shutdown at 4:11:17 PM on 6/10/2011 was unexpected".

Also, I just noticed whenever I try to open the pdk-SYSTEM-2468 folder it says it is corrupted and then in the event log I get another ntfs error. So this error must be generated when those files/folders are being accessed. 

Any help would be greatly appreciated!


----------



## Wand3r3r (Sep 17, 2010)

"employee did a hard reboot of the server (holding the power button down) because our desktops were locking up in terminal services. "

You have got to be kidding. You never handle a server like that. You logon and perhaps stop and restart the TS services or do a graceful shutdown. Your server should be secured behind a locked door and should not have general access available to it.

"We were going to run chkdsk but it seems like everywhere we read it says to never run that on a RAID environment. "

where did you read this? its nonsense btw

"Please run the Chkdsk utility."
this is the only way you can correct the file system corruption

Do you have tested as good backups containing system state?????


----------



## Eclipse2003 (Apr 22, 2005)

You have got to be kidding. You never handle a server like that. You logon and perhaps stop and restart the TS services or do a graceful shutdown. Your server should be secured behind a locked door and should not have general access available to it.

I know. I have no clue why they did it that way. I told them to never do it that way again.

where did you read this? its nonsense btw

I did a search on chkdsk on raid and a lot of people mentioned that it wasn't a good idea. Check out this link

Yes, we have a Symantec Backup Exec System Recovery point that we can restore if need be.

I read somewhere that you can delete the contents of the C:\Documents and Settings\Allusers\Application Data\Microsoft\Crypto\RSA\S-1-5-18 folder and it will be re-created after a reboot. Will this work? Since this and some temp folders seem to be the only ones that are corrupted? Perhaps delete the temp folder/files it mentioned in the logs?


----------



## Wand3r3r (Sep 17, 2010)

link really doesn't differenciate between hardware and software raid clearly concerning running chkdsk.

Article infers software raid not hardware raid since you could, under software raid, run a chkdsk on a single disk of the raid which would be bad.

no such issue with hardware raid.

run chkdsk /f or chkdsk /r to correct the system corruptions. this isn't a matter of just files but of the mft and its comparision to its backup.


----------



## Eclipse2003 (Apr 22, 2005)

Ok so two questions. How do you know it is a software vs. hardware raid?

Second, when you run a chkdsk on a hardware raid is it running on both drives at the same time? So if it corrects one it corrects the other as well?

Finally, should I just go into a command prompt and type chkdsk c: /f /r and reboot?


----------



## Wand3r3r (Sep 17, 2010)

"The RAID controller is listed as Intel Embedded Server RAID technology II. "

someone would have to be really silly to setup software raid when there is a hardware raid controller.

Your link to the chkdsk had an example of what you see in disk management concerning software or hardware raid.
File recovery and hard drive data recovery software

In a hardware raid its done on the raid volume not individual disks. Basically it runs on both disks at the same time.

You would chose either /f or /r not both. /f does file system check whereas /r also checks the clusters for their ability to read/write.


----------



## Eclipse2003 (Apr 22, 2005)

Ok it is hardware then because it only lists one drive both in Disk management and in My Computer. So I'll run chkdsk and let you know the results. Should I run /f or /r?


----------



## Wand3r3r (Sep 17, 2010)

I would suggest start with /f and once everything comes back clean do a /r

Do understand that before running make sure you have tested as good backups. If severe corruption chkdsk will correct it but the corrections will result in data loss. This is not the fault of chkdsk but of the corruption. 

Chkdsk is the only way I know of to correct disk/file system corruption.

What you have described does not sound severe if that is any help. Just want you to be aware there is risk.


----------



## Eclipse2003 (Apr 22, 2005)

Thanks a lot man. Didn't realize you were the same person who responded to my other post. Haha. chkdsk worked fine and now my Terminal Services Licensing is working again and everything and the ntfs errors went away. I ran a chkdsk /f to fix it. Should I still run the chkdsk /r or just wait to see if we notice more issues?


----------



## cluberti (Aug 26, 2010)

If the event log isn't reporting filesystem issues over time, and the hardware controller and boot is clean, I'd leave the disk alone for now. Defragment when possible, and you should be OK.


----------

