Deleting & Recreating NTFS Journals (Or How to Properly run the 'fsutil usn' Command)
I have a chkdsk Stage 3 error (which relates to NTFS usn journals and security descriptors).
Corrupted NTFS journals prevent chkdsk /f from running a repair of the volume. So chkdsk repairs won't run and this is not a solution.
However, I have heard the corruption can be repaired by deleting and recreating the NTFS journal. This can be done by executing the following commands at the command prompt or PowerShell with administrator privileges:
fsutil usn deletejournal /d /n
followed by
fsutil usn createjournal m=<maxsize> a=<allocationdelta> <volumepath>
However, Microsoft documentation on the switches and parameters for these commands is very poor. Can anyone please advise :
- What the /d and /n switches actually do. Are they permanent? Do I need to re-enable them if I am creating a new journal? How would I re-enable if I had to?
- What are the
<maxsize>and<allocationdelta>parameters? - How do I figure out what values to set
<maxsize>and<allocationdelta>to? What are the default values?
Finally, how safe is it to delete the NTFS journals in this manner?
Thanks.
OK, for the benefit of others, I will provide you with all the knowledge I have acquired which has helped me to resolve this issue.
To recreate the NTFS USN journals, first delete, then recreate the journal.
Deleting The Journal
You can delete the NTFS USN journal using...
fsutil usn deletejournal /d /n c:
The /d and /n switches are poorly documented. Microsoft documentations here conflicts with information presented when you query the use of the command at the command prompt:
Both are inaccurate! The command prompt documentation is wrong as BOTH switches delete the journal, not just the /d. The Microsoft webpage documentation is misleading because the journal is actually deleted rather than disabled. The switches dictate how it gets deleted.
Because deleting the journal can take a very long time, the switches allow you to control whether it runs in-process or out-of-process. The /n switch executes deletejournal in process locking the handle to it (think of it as "locking the computer"). This forces you to wait until it has completed. The /d switch executes out-of-process and allows you to continue working. Deleting the journal can take hours to run and will continue across successive reboots until it has been completed. I have seen people apply both switches together when they are mutually exclusive.
Deleting the journal is nearly always safe, but it can sometimes have consequences with backup processes. Applications that are using the journal will not see file changes between the last time the application ran and when the journal was deleted. Well-programmed applications will detect that the journal was deleted and will revert to an alternative method of finding changed files or recreate it. I would advise it is safe to delete despite the consequences because at worst, you will only compromise the incremental ability of the backup. You can still do a FULL backup and start again; at least your data is not lost!
Recreating The Journal
I am informed it is not necessary to manually recreate the journal since running a backup (such as Windows-7 backup option via the Control Panel) will automatically recreate the NTFS journal.
However, if you DO want to manually recreate the journal, then at the command prompt, you can execute the createjournal command by running the following with elevated privileges
fsutil usn [createjournal] m=<maxsize> a=<allocationdelta> <volumepath>
What is <maxsize>? What is <allocationdelta>?
<maxsize> determines the file size of the journal. Typically it is between 30Mb to 40Mb. On my Windows 8.1 PC with a 2TB drive:
<maxsize> = 0x2000000 bytes (in hex) = 33,554,432 bytes = 33Mb
and
<allocationdelta> = 1/4 of <maxsize> = 0x800000 bytes in hex = 8,388,608 bytes = 8Mb
However, I might advise setting <allocationdelta> at 1/8 of <maxsize> for larger values of <maxsize>.
FYI: You can query the current size of your journals, by typing the following command at a command prompt with elevated privileges:
C:\Windows\system32> fsutil usn queryjournal C:
You will get an output similar to this:
The a and m parameters are provided in BYTES, in hexadecimal.
I would therefore recommend the following values for <maxsize> and <allocationdelta>:
If you have a very large drive (4TB+ with 400,000+ files), use:
fsutil usn createjournal m=536870912 a=67108864 C:
For smaller drives (<=2TB), with fewer files (<=400,000 files), run:
fsutil usn createjournal m=67108864 a=8388608 C:
If you are curious where these figures come from, they are the number of bit states raised to a sufficient power that provides the size in bytes for the journal log. IE: These figures are 2^x which gives the precise size in bytes around the size you want. Journals are typically kept between 30Mb to 40MB in size. I have hence, gone up to the next highest available size (67Mb) for the <maxSize> (m) parameter:
2^25 bytes x 2 = 33Mb x 2 = 67Mb
The <allocationDelta> (a) parameter needs to be around 1/8 of m, which is around 8Mb.
You will not find this explanation anywhere else on the internet!!! Microsoft especially, have shamefully failed to adequately document the use of these two journal commands.
You can query the number of files on your system by executing the following command at a command prompt with elevated privileges:
C:\Windows\system32> dir C:\ /s /a /w
You will see an output like this...
Add the number of files and directories together for the total amount; 1,616,718 in this example.
You can then use the following table (reproduced from this page ) as an alternative guide to find the appropriate values for Maximum Size and Allocation Delta.
See guide to creating journals here: See also some good advice here:
- How to set a window as the current one
- the MySQL service on local computer started and then stopped
- In Python: Can I reverse the order in which several matplotlib plot windows are visible / in focus?
- How To Cancel / Delete a Function (when changing screen size) - Jquery
- JavaScript, browsers, window close - send an AJAX request or run a script on window closing
- Fastest way(s) to move the cursor on a terminal command line?
- Windows Key Stops Working When Connecting Second Monitor
- Does target="_blank" redirect to a new window or a new tab?
- Expand-Archive giving syntax error in PowerShell v5.1 (A parameter cannot be found that matches parameter name 'DestinationPath') , Why?
- How can I create a new window from within QML?
- How to dock a windows form in C#?
- White bars when resizing the window
- How to get the resolution of a monitor in Pygame?
- Python tkinter multiple windows from separate files
- Setting window to WS_POPUP style in winapi doesn't work correctly
- How to catch EM_SHOWBALLOONTIP CEdit Message?
- After upgrading gridsome and node to 18x from 10x ..my build is getting failed "Window is not defined " and running fine on development
- Error: Cannot find module 'C:\Program Files\nodejs\node_modules\npm\bin\node_modules\npm\bin\npm-cli.js' when trying to run npm
- c - error: expected expression before 'const' while trying to use SDL_CreateWindow
- c - error: invalid operands to binary * (have 'int' and 'SDL_Window *') when attempting to use SDL_CreateWindow
- WPF-Window Topmost for own application only?
- Global variables undefined when referencing them via window object
- JavaFX remove titlebar without removing the native borders
- Can IntelliJ 2019 show more than two tool panels stacked on the left?
- How to make my Tkinter app fit the whole window no matter the size?
- Cancel split window in Vim
- How can I get properties of controls contained in a popup message box using VB.Net
- WinAPI: Create a window with a specified client area size
- How can I get my form validation to work?
- How do I change the size of the Flet window on Windows or specify that it is not resizable?