Hmm.  Well I have done no writing at all to the disk.  But 6 different software programs will not find the missing snapshots.

I was still waiting for an answer on if there is way to get the data out of the snapshots without their parents. 

lol.  yes.  running it on the physical local drive that housed the vmdks.  running it inside a vm that I can no longer access would be quite a feat :smileysilly: - Recuva deep scan wouldn't even find them.

just used windows and accidentally hit Del.

Not sure I want to pay their support for that.  Im sure someone here has to have an answer.  My next choice will be to manaully try to edit the CID of the child snapshot and link it to a new parent, then go down the line and link him to the one above him.  Not looking forward to changing these CID's though.  Was hoping there was a util that would just ignore the CID's and open the raw data.  However, when I attempt to mount the VMDK it of course complains that its not an actual drive or that its missing its parent.  Workstation seems really odd on how it handles snapshots as in Vsphere/Center I can mount up a snapshot regardless of what other ones I have deleted, because Im assuming its using its base/flat file as the parent/active.

I am confused again.  Above you say you were able to boot the original vmdks.  In your latest post you say you cannot access the vm (your recuva example).  Also, why try to mount snapshots that are not going to help? 

If it was my project I would attack it this way:  I would first back up the entire folder for the virtual machine to a different hard drive.  Then I would try searching the old hard drive for the whole vm folder using Easeus data recovery (my go to app).  I would recover that whole folder to a the new hard drive.  If all the deleted snapshots are in there, I'd attempt to boot it.

If this doesn't work, you're probably going to have to do deeper forensics to find the deleted vmdks. 

Ill give that program a try. Its one I have not used. 

To make the project/story more understandable:

I had roughly 19 vmdks/snapshots.  1-19.  I deleted 5-10.  When trying to boot off of 19 it doesn't work because it goes down the list, until it hits 10 and then realized 10 no longer exists, then fails saying that it cant find the parent vmdk.

I was able to boot off of vmdk 1 - or the first/flat vmdk from the machine.   However, this data is all months old.   I still have snapshots 1-5 and 11-19.

So I am not able to access the vm, from the most recent snapshot, only from the original baseline.

At this point I kind of gave up getting it back, so I copied the baseline vmdk and created a new VM.  I backed up all vmdks 1-5,11-19 to another drive.  I have no used the original drive that the vmdks I lost were on.  So to have no writes going to it and not over write them.  I will run Easeus right now and see what I come up with.

tek0011 wrote: I still have snapshots 1-5 and 11-19.

Here is what I'd do...

1. Make a proper backup copy of the existing VM even tough it's broken.

2.  Edit the parentCID of the Disk DescriptorFile in 11 to point to the CID in 5.

This should then enable access to what's in the 11-19 snapshots.

This of course assumes a sequential snapshot chain.

Thanks WoodyZ  -  that is exactly what I was planning on doing.  Once I can figure out how in workstation.  I use vsphere/center a lot more than I do WS

Right now Easeus is running.   Considering the other 4 programs I used only found 138k files and Easeus has found over 1.9million, there might be hope.

I appreciate all of you who revived this thread.  I was about to give up.

Are you using a monolithic or split disk?

Single file.

Have a look at dsfo.exe and dsfi.exe as you can use both utilities and How to fix a broken CID-chain information to accomplish the task.

If you need any additional help or information while undertaking the task at hand just let us know.

tyvm.  I'll give that a try today.   Was planning on bringing everything from WS over to ESX as I am alot more familiar with it.  But, I might as well get used to WS as well. 

Ill let you know how it goes.

Also, odd, Easeus found nearly 1.8 million files.  But not the 4-5 vmdks I am missing.  So strange.

Running into this issue:

"Not enough storage is available to process this command"

There is plenty of space.

Well, with a monolithic disk file, for disk operations like snapshot merging, etc., you need to have at least as much free disk space on your host as the max. allocated size of the virtual disk, plus a little more for overhead.  So if you defined the virtual disk as 80 GB, then you will need between 80 and 90 GB free on your host to do anything like this.

ah ha.  eeks.  That means even though the vmdk is only 25GB, I set the max for 250.   Time to find some space

thanks.  On to this for the rest of the day.

Alright.  So I have enough space for the max size (250GB) and 100GB on top of that to spare.  However it is still throwing the same error.

tek0011 wrote: Running into this issue:

"Not enough storage is available to process this command"

There is plenty of space.

What do you mean by "Running into this issue:", yes I see the error message however I see no relevance to what you're doing in reference to what I've previously said to you in this thread.  So what exactly are you doing that you're receiving this error message?

This is when attempting to hit Go on DSFO.

Nevermind.  DOS prompt worked fine.