Files on server spontaneously moving to top folder or disappearing, please help!

I work for a small company (~20 people) and end up doing most of the server/network/everything computer related work since I have a bit of previous experience, but this goes completely above my head so I could use some help!  Sorry for the long post, I have no idea what's going on so I figure background information will be useful.

 

We have an FTP server set up, though we only use it as a fileserver.  It's pretty old and running windows server 2008 r2.  Originally, our space requirements were low so I'd run a hardware RAID1 array with cloud backup and alternating nightly backups to external hard drives.  When we needed more space, I rebuilt the RAID array with larger drives.

 

However, recently we decided to go with a 10tb RAID1 setup.  I originally thought that it would be an easy process, but completely forgot that you can't migrate MBR to GPT and that the old computer without UEFI couldn't boot off the 10tb GPT in the first place, even if I converted and cloned our smaller one.

 

I ended up making the 10tb hard drives mirrored data drives and simply copying everything from our shared folder over to a new folder on the new hard drive.  I used partition manager to mirror since hardware RAID wouldn't recognize a drive that large and neither would windows RST.  I then copied our shared folder over with xcopy to preserve permissions.  At some point, I started running into ownership issues that were more trouble than they were worth, so I copied the rest manually and then set the permissions myself.

 

Everything worked fine for about two days.  I came in that day and someone said that the server had "disappeared" instantaneously while they were using it.  The hard drive only had the one shared folder and nothing else on it originally.  When I went and checked, folders from A-D alphabetically had been moved from the "server" folder into the top level of the hard drive.  The server folder itself had only the two files that were open the moment it happened left on it.  According to my coworkers, this happened literally instantaneously.  The files aren't hidden and appear to be actually deleted, as the hard drive itself is nearly empty.  Despite extensive logs present on the server computer, I found no record of anything happening or being deleted (and frankly deleting 2 terabytes of information wouldn't happen instantaneously anyway).  All of the shadow copies in the previous tab were gone except for the two newest ones, which were from after the issue. The original hard drive and server folder were unaffected.

 

I didn't understand what had happened, but restored from one of my external backups and hoped it was some kind of fluke.  For about a week, it worked normally.  Then, this morning, the EXACT same thing happened.  A-D in the top folder, everything else completely gone.  What is going on here?!  Does it have something to do with permissions?  The mirrored 10TB drives?

 

Any help would be greatly appreciated.

 

Thanks!

Adam

Far out mate that sounds terrible LOL.

I dont suppose you have these replicated with DFSR hey? Or replicated with the cloud software when it does backups?

 

Also how much space have you allowed for the SnapShots because there should be more than 2 previous versions, i set 3 snapshots a day for most of my drives mate.

I doubt its permissions either but the only time i had files and folders dissapear was when DFSR was screwing up all because of Symantec EndPoint.

Far out mate that sounds terrible LOL.

I dont suppose you have these replicated with DFSR hey? Or replicated with the cloud software when it does backups?

 

Also how much space have you allowed for the SnapShots because there should be more than 2 previous versions, i set 3 snapshots a day for most of my drives mate.

I doubt its permissions either but the only time i had files and folders dissapear was when DFSR was screwing up all because of Symantec EndPoint.

 

No, they're not being replicated anywhere and I've never used DFSR with them.

 

As far as the snapshots go, that was a typo - I meant 3, but all 3 were from after the issue even though I got in a few hours after it happened.

 

Yeah, this is super frustrating and terrible.  I keep telling my coworkers that I've never seen anything like this before in my life!  Thanks for the advice :D

 

For now, I'm just going to try a different, non-mirrored hard drive, with the folders transferred without xcopy and permissions set 1-by-1 manually.  Whatever the problem is, hopefully this fixes it!

Just remember that a  raid or mirror wont delete and move folders hey because if there was an issue with the mirror the server wouldnt run at all.

So, the missing files have now reappeared in the base folder of the hard drive.  Instantly, the hard drive went from 9.05tb free to 7.4tb free - the files are just in F: instead of F:\Server.

 

It appears as if they're being automatically moved out of that folder or something.  The RAID1 is set up on the data drives only, the server boots from a separate hard drive.  

 

I'm so confused!

Not raiding the OS is a major miscalculation.

 

That aside it sounds like a script moving the files.  Anything scheduled?  Who is the owner of the files after they have moved? timestamp?

Edited by Wand3r3r, 04 November 2016 - 02:09 PM.

So, small update here.

 

I replaced the hard drive with a new 8tb hdd and after a few days a bunch of files from the shared folder/server on the main hard drive suddenly appeared in the new hard drive.

 

This leads me to believe it's some kind of scheduled backup that's deleting whatever else is on the hard drive and then repopulating it with a backup copy of the shared folder.  However, I've checked Windows Server Backup and it's set to backup to our external drives, not the new internal drive that I just put in.  Any ideas on how this might be happening?

 

Thanks!

This was solved in another thread.

"Check your task scheduler, someone likely setup a scheduled task to run a robocopy script (Batch file) to backup the shared folder. You could also try changing the drive letter of the external HDD, If there is a robocopy script it should fail (I don't believe there is a way to point the backup to *any* external drive). and lastly you can try searching the Hard drives for *.bat this will populate all batch files. Look for one indicating the backup"