Windows Server 2016 NTFS sparse file/Data Deduplication users: please install KB4025334

Hi folks,

KB4025334 prevents a critical data corruption issue with NTFS sparse files in Windows Server 2016. This helps avoid data corruptions that may occur when using Data Deduplication in Windows Server 2016, although all applications and Windows components that use sparse files on NTFS benefit from applying this update. Installation of this KB helps avoid any new or further corruptions for Data Deduplication users on Windows Server 2016. This does not help recover existing corruptions that may have already happened. This is because NTFS incorrectly removes in-use clusters from the file and there is no ability to identify what clusters were incorrectly removed after the fact. Although KB4025334 is an optional update, we strongly recommend that all NTFS users, especially those using Data Deduplication, install this update as soon as possible. This fix will become mandatory in the “Patch Tuesday” release for August 2017.

For Data Deduplication users, this data corruption is particularly hard to notice as it is a so called “silent” corruption – it cannot be detected by the weekly Dedup integrity scrubbing job. Therefore, KB4025334 also includes an update to chkdsk to help identify which files are corrupted. Affected files can be identified using chkdsk with the following steps:

  1. Install KB4025334 on your server from the Microsoft Update Catalog and reboot. If you are running a Failover Cluster, this patch will need to be applied to all nodes in the cluster.
  2. Run chkdsk in readonly mode (this is the default mode for chkdsk)
  3. For potentially corrupted files, chkdsk will report something like the following
    The total allocated size in attribute record (128, "") of file 20000000000f3 is incorrect.

    where 20000000000f3 is the file id. Note all affected file ids.
  4. Use fsutil to look up the name of the file by its file id. This should look like the following:

    E:\myfolder> fsutil file queryfilenamebyid e:\ 0x20000000000f3
    A random link name to this file is [file://%3f/E:/myfolder/TEST.0]\\?\E:\myfolder\TEST.0

    where E:\myfolder\TEST.0 is the affected file.

We’re very sorry for the inconvenience this issue has caused. Please don’t hesitate to reach out in the comment section below if you have any additional questions about KB4025334, and we’ll be happy to answer.