Ghost Solution Suite

I successfully created a image of a hard drive, at least I thought it was successfully created. Anyway I reimaged the drive and I was going to extract some of the files from the gho image that I created. I get the following message when I try to open the ___.gho file. "Please slect the file for the last segment in this image file." and the options given is it is looking for a file with the GHS, 0 extension. When I created the image from the drive I created the image on an external usb 500 gb hard drive. Even though when the program finished only one file was created on the external drive. This GHO file is over 100gb in size. I am not sure what version of ghost created the file, but everything I did to try to open the file would not work. I get the same error message as listed above as it is looking for a ghs file which is not there. I need to extract some crucial files from this image, most of what was imaged I do not need as applications can be reinstalled once the drive is reimaged.

Here is what I have tried so far, I tried to open the file with Ghost explorer 11.0, ghost explorer2003, and even downloaded a trial version of Symantec Ghost Console Trialware, each of them give the same popup, where it is looking for the ghs file.

The next thing I did is try to run the ghost explorer 11.0 in a command line using various switches such as -ignoreindexes -corrupt, and -ntextract still I get the same popup as mentioned above looking for a ghs file.

I tried to use the ghofixup.exe in a command line (cmd window), but am not sure I ran it correctly. I copied the ghofixup.exe to the drive that contains my ghost image. then I opened the cmd window and typed the letter of the drive: ie D:\

Then when I was at the proper drive I typed ghosfixup.exe Rolf.gho then pressed enter

This is the result I got: "usage: ghofixup.exe <image file> <cd!span> then it goes back to the dos prompt. am I running the command correctly? Or is this application only for backing up data to discs?

I am lost and do not know where to go from here. I really need to recover the files some how, I been spending all day on this issue without any progress and my client is anxious to have her computer back.

I did not know if there was any difference between the commercial ghost and the home version of ghost. I tried to open the file on my home computer that has ghost 15.0 but apparently this product does not open gho files nor does it create files with a gho extension. I was hoping that I would be able to some how crack open the file to extract important pictures for my client.

Are you trying to access the ghost file from a local hard disk or a network share?  For a single large Ghost image, it is presumably on an NTFS file system and therefore needs to be accessed from Ghost running on an operating system that can access an NTFS file share. Make sure the drive is local.

If you have used a cheap USB drive to store the image, it may well be corrupted, as not all USB external drives are as reliable as you would expect. I tend to stick with WD drives for that reason. If you still have the image on the original USB hard disk, try running CHKDSK on the drive and see if it reports anything or implements any fixes to the file.

As you do not know what version of Ghost was used to create the original image (is the Ghost executable no longer available to you?), this further complicates matters.  Would it be fair to assume that the user did not have any backup process for their data?  At the moment, it looks very likely that the data will not be recoverable, as there is no longer a Ghost development team to assist in recovery in situations like this.

The harddrive that I created the image on is a usb external drive (500gb), this drive is formatted using the NTFS file system. I am not sure why when the image was created it created one large file instead of breaking it down into 2 gb sections. The usb drive is not a cheap drive it is a seagate expansion portable drive, that cost over a hundred dollars. I have never had problems with corrupted files on this drive before.  I am not trying to access the drive from a share. I created the image off of a special computer that I have at work that is used only for creating ghost images. I found out that the application is Symantec Ghost explorer 11.0. We normally use this computer to create ghost images on the ghost cast server, but since this was for personal use I created a ghost image on my personal external drive. It is funny that it did take over two hours to create the ghost image and the computer did say it was sucessful, but it only created one file which is a gho not a ghs.... I should have tested the image before I blew the operating system off the drive, but now I am stuck. No matter what I try to do I keep getting the "Please slect the file for the last segment in this image file." message.

One of your collegues was an expert in solving this type of issue I read many of his posts....

I already ran checkdisk with all the parameters and it still did not solve the problem.

The ghost application is available to me now that I am back at work. It is a real problem that the Ghost development team no longer exists in your company. Symantec is going to lose a lot of business now that they are no longer supporting their product as people go else where to get support for their imaging software.

We are already considering moving to acronis imaging software.... we are a company that has over a thousand workstations. Imaging is a major part of the job we do here.

First of all, let me stress that I am not an employee of Symantec. Trusted Advisors are separate from the company and are all private individuals.

There is still some support for the product but it's on a chargeable basis and mostly out of India.  Personally, I use Paragon hard disk manager 12 as it seems to work more like Ghost than the Acronis product, which is also in use on my production machine. If you want something free that works very well, check out the ImageX utility which is part of WinPE: https://www-secure.symantec.com/connect/articles/readyadventures-winpe

Ghost has switches and GUI settings that specify whether a single large GHO file is created. When booting from a DOS boot, or when saving to a network share, the default is to create 2Gb files consisting of GHO and GHS files, due to the limitations of DOS and some network environments in being able to handle files greater than 2Gb. On an NTFS share, using a WinPE boot that supports NTFS directly, you will get one large GHO file unless you specify a smaller max size.

I'm not surprised that it took 2 hours to compress such a large data volume into a 100Gb file. Did you correctly eject the USB drive when you finished? It only takes a few missing bits which had not finished writing to the USB drive due to write behind caching for the image to be unuseable. That would also fall in line with the error message you are getting which suggests that the final disk catalog did not get written out.

The guy you are referring to as expert in solving these issues is a former Symantec employee called Nigel Bree, who was one of the original Ghost developers, based in Australia. Whether or not he is able to offer any other suggestions on what you can try depends on whether he spots this thread and is inclined to reply. From my recollection of previous threads on corrupt Ghost images, there appears to be little hope of recovery.

Can you include a bit more detail about how you create images on your dedicated system? What operating system is running Ghost? Have you tried reading the image from your dedicated system?

Yes Nigel Bree was the talented individual whom I was referring to, I have seen many of his professional advise on his posts.

What is really strange when I created an image of the drive was it was one large file. Normally when we create an image using the ghost cast server, and save it to special network drive on one of our servers. Normally when we create a ghost image it spans over many segments. But this time I was creating a ghost image for a personal drive (not one from work), since I was creating a personal image of the drive I saved it to an external usb 500 gb drive. I was not present when the drive was disconnected, as one of the other users from my department disconnected the drive as she said it was finished the image. She then connect a client's drive to the system to create a ghost image of her drive. Anyway it created only one large file...

I did a stupid thing I did not test the image to see if it would work, I just assumed it was fine. I then wiped the drive and installed windows then when I went to extract the data from the image I was shocked to find it would not open.

Anyway we have a bootable disk that automatically opens up into the Symantec Ghost 11.0 application. I imagine it is a winPE boot setup. But I am not positive, it seems to boot quite quickly to the Symantec application.  The computer we boot to is an empty shell with a computer, optical drive and sata cable that we use to connect the drive we wish to ghost. The system is also connected to the network in case we want to use the ghost cast server. I user created this bootable disc, so it included drivers for the keyboard and network card. Anyway when the system boots to the Symantec ghost we have an option to ghost the drive to another external drive or use the ghost cast server to ghost the image to our server. I connected my 500gb Seagate USB drive to the system and ghosted to that drive. The process seemed to have worked as like I said according to the other individual she said it was finished when she shut the system down so she could setup her drive. The drive that I was creating a ghost image was a 250 gb hard drive with maybe 120 gb used space.  I hope that helps.

As I was saying, it is not strange at all to have a single large GHO file created when a local NTFS drive is used. Ghost only defaults to 2Gb segments when the boot environment is DOS (as DOS cannot handle files greater than 2Gb), or when saving to a network share, as there is no way for Ghost to determine whether the network share is limited to 2Gb files or can handle larger files. So it defaults to the lowest common denominator.

You can establish if WinPE is booting as the progress bar displayed looks a lot like the startup of the equivalent full operating system. So WinPE 1.x looks like XP when first booting, WinPE 2 ( as used in GSS) looks like Vista when starting, WinPE 3 looks like Win 7 when starting, and WinPE 4 looks like Win 8 when starting..

Let me check one more thing - when you run Ghost Explorer, what operating system are you running it from?  If you are running it from DOS, you will never be able to open a file greater than 2Gb.

When I try to open the ghost image i am opening it in a windows 7 --64 bit operating system, using Ghost explorer version 11 to open up the file. It recognizes the file it is just that the file does not indicate how the file is supposed to end. Hense I am getting the "Please select the file for the last segment in this image file." It looks like Nigel is no longer actively assisting in the forums. I am going to try to recover the files another way, Even though the original  drive has been formated/reimaged, I should still be able to use a data recovery program to attempt to recover my client's data. Unless you have some other ideas.

I found out the boot system we are using to run the Symantec Ghost application is via PC Dos environment.

As previously mentioned the application boots rigth into the Ghost application.

I am currently running an integrety check on the image just to see if that may fix the problem.

I recall a user publishing their findings that Ghost running under PCDOS failed to create a single working image greater than 24 or 27Gb (I can't exactly recall which). I'm not even sure how they were able to create a single file that large under PCDOS unless there is some clever code within Ghost which gets around such limitations.

I wish you luck in running an integrity check on your image, but I don't hold out much hope. You may be able to recover the original hard disk, and if you don't already have a tool in mind, I have used R-Studio NTFS with some success in the past when a disk's contents were formatted over. The spoiler here is that the disk was subsequently reimaged, so unless the data was on an area of disk that has not been overwritten, you may also be unable to recover part or all of the data..

Let us know how you get on.

I'm not even sure how they were able to create a single file that large under PCDOS unless there is some clever code within Ghost which gets around such limitations.

I can't recall the start date, but this was something that came out of an internal effort called "Project Phantom" where two of the technical leads on the cloning engine worked on a ground-up redevelopment in parallel with the main line of work on Ghost 2002, and 7.5 (and on a little bit). The main idea was that it would be a completely standalone NTFS implementation aimed at disk cloning (plus the important ability to do nondestructive restores, useful for OEM recoveries and one of the major features of ImageX).

One of the first capabilities of that was just the ability to do native basic NTFS read/write, and after the release of Ghost Enterprise a subset of that project was carved off and retrofitted into the classic Ghost line for the Ghost 2003 consumer product (aka Ghost 7.6, internally) and that continued to be expanded into Ghost Enterprise 8.0, along with having a lot of those capabilities spun out into the general tool OmniFS bundled in the Ghost Enterprise version to do arbitrary modications of NTFS partitions - read/write/copy/move NTFS files from DOS.

So, when Ghost 2003 and any later version wrote an image, you could point it at an NTFS partition and it would be able to write an image of any size to that (although in those earlier versions, it sometimes required some encouragement with -split=0 since it did still prefer to split at 2Gb so that things could be later copied to FAT partitions).

Now, both Ghost Enterprise and Ghost 2003 were cancelled in early 2004 (and Ghost Enterprise renamed Ghost Solution Suite to "free up" the Ghost brand for the PowerQuest product to adopt it; Ghost Solution Suite 1.0 was, despite the 1.0 version number, considered end-of-life when it debuted and our revenue really slid thanks to it being end-of-life and thus the sales people got not commission for selling it, plus of course the VP responsible was telling larger corporate accounts not to buy it and go for iCommand instead - that product being later withdrawn since it was unfit for sale).

However, the dev manager for Ghost at the time kept Phantom running as a "Skunkworks" deal, and just before our staff Christmas function at the end of 2004 (when the VP in question was visiting) it got a revealed in a demo to him, described in this edit to Wikipedia (which was later deleted, but I can testify that it's 100% accurate). The VP's reaction could basically be described as "throwing a tantrum", since we had "disrespected his authority" by working on any cloning-related code, and that everyone had to stop or he'd simply close the site and fire everyone. Note that at this point, he was responsible for 4 products; Ghost, PCAnywhere, iCommand, and the ex-PowerQuest stuff, of which iCommand and the ex-PQ projects were losing money hand over fist, PCAnywhere made a little (not big money, but OK) and Ghost made about 6x what PCA did, so Ghost was the sole reason his group was revenue-positive.

Basically, after this one of the two lead developers on Phantom code resigned that afternoon, and the guy who put in nearly as much (the guy who originally wrote Ghost Walker, and did almost all the early work on NTFS support in Ghost) went about a month later since they read the writing on the wall. Fortunately although that was a big hit to us, the work done to make Ghost use that product in 7.6/8.0 meant that once Ghost was uncancelled after the Veritas acquisition were were able to salvage and use most of the work.

[ Fortunately iCommand didn't last long, since despite big customers having been told Ghost was cancelled and that iCommand was the replacement, it was a gaping chest wound of total fail that was totally unfit to be sold. The security vulnerabilities in it were utterly staggering - we found 10 major ones (from hardcoded backdoor passwords to stupid things like writing user credentials in plaintext to logfiles on the very first day anyone in our team looked at it, and even a year later you could take control of any machine it had under management if you could sniff a URL since it did everything over plain HTTP without even digest auth; credentials were still being encoded in URLs in the clear. Fortunately the Veritas guys saved us from that too. ]

Yeah I am running Easeus Recovery Wizzard Professional. I did not want to go this route but I guess it is the only way I can recover my data. So far it has been running almost 24 hours and that is only scanning four out of about 40 sectors that the program broke the hard drive into. I knew it would take along time to do that is why I was asking for advice from the pros but I guess since no one is involved in Ghost devolpment team I guess I am out of luck. I know this forum is operated by more or less volunteers such as yourselves. Thanks for the suggestions, I may as well close this thread unless someone has other ideas

This error problem has same issue with my case. I run ghost 11 from WinPE 3 (1 year ago) to create a image from 250GB HDD from a client notebook (Used space about 50 GB with 2 partitions). Toshiba Canvio USB3 500GB (NTFS formatted 1 partitions) as destination to saving image file, result 1 image and file size 31 GB the process need 3-4 Hour to finished, after that I run check image file and result is "Succesfull". 3 month ago i run "ghostxp.exe" to extract a files (documents) i runned on Notebook using Win7 Ultimate 64b, then i got that damn confirmations same as your.

Until now that *.gho can't be opened from Toshiba 500Gb, check disc (Windows and TuneUP HDD Doctor) result is good and never had problem issue with that USB HDD before.

How to solved this error problem !!! Plz, need help !!!

It looks like you have checked all the possibilities and the only thing left for you to attempt is a full recovery of the GHO image to another hard disk. However, if you still get this error then you must consider your image lost.

I replied to this one instead of below since you mention it only made one file.  you need to include the flags "-SPLIT=x" where X is the size in MB, and "-AUTO" so it auto names the pieces.  So if you did "-SPLIT=640" you could put them on smaller CD-Rs (i just picked the old size, and its under 700MB)

If the file system of the local device being used for storage is set to NTFS then Ghost will happily generate a single large file and be able to reimage from it, as long as it comes from the local device and not a network location.