Watchhguard x1000 Boot Error
-
Hello all,
Need your help.
i'm having a hard time trying to get Pfsense installed on my Watchguard Firebox X1000. I'm not able to get in via serial console, tried Putty, TeraTerm with different bauds and still no luck( before boot error). I'm also having an issue with a boot error that gets displayed on the lcd. This error recently started after my attempts to get consoled into the firebox. Not sure how to fix this. Is this thing bricked?
Thanks
-
So you've previously had pfSense running on the box? Or any other OS? Does it still boot the Watchguard OS?
Hard to see how you could have set anything permanent just by having the console connected. :-\Steve
-
At first it booted the watchguard OS fine. I tried installing monowall at first on original card until my new cf card came in. Tried getting in via console in Ubuntu and in Windows, no luck. I bought a new serial cable still not able to console in. I received my card 8gig Kingston (read somewhere you can use larger capacity) installed correct version/size of pfsense , didn't work. Even tried the bios img to see if I hear the 3 beeps. I was able to hear the beeps but was not able to console in. Not sure what I' did but started to get this boot error. I know I didn't do any type of configuration because I was not able to console in with any of my attempts.
-
Ah, so you no longer have a card with the Watchguard OS on to try?
Has it ever booted m0n0wall succefully?
How are you writing the images to the card?
If you booted the FreeDOS image and heard the beeps but saw no output on the console then it's very likely your serial cable is incorrectly wired.
Try removing the CF card completely and power on the box, does it behave any differently?
You could try reseting the CMOS with the onboard jumper in case you've somehow managed to make some change without realising it.Steve
-
Yeah no watchguard OS.. should have backed up…Monowall never installed..I'm writing the images with PhysGui and I tried win32 disk imager... also removed the card and no change..CMOS didn't work. I tried 2 new serial cables both did not console me in.
-
Hmm. Could be that both serial cables are bad. Have you proved either of them with any other OS or hardware? Have you read:
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Not_All_Null_Modem_Cables_are_Created_Equal.21Since the FreeDOS image is the only thing that has booted, even if you couldn't see the console, I'd try that again. It does seem to be possible to somehow destroy the formatting on the card to such an extent that it requires 'zeroing' the whole card before re-imaging. It's hard to imagine how that could prevent an image written bit-by-bit from succeeding though, I've never had an issue.
Steve
-
Yeah..I think you are right. I was getting a bunch of issues trying to write to the cards at times… had to use the diskpart utility in windows to fix the cards ..going to give it another shot if not this thing is going up on ebay ...do you have a preferred cf card and serial cable? I'm also thinking the serial port could be bad.
-
had to use the diskpart utility in windows to fix the cards.
That's not a good sign. The file system used by pfSense is UFS which isn't readable in Windows. The cards should appear as corrupt or unformatted if you try to view them in Windows. The FreeDOS image is FAT32 so is readable. (might even be FAT16)
There is no need to do any formatting or partitioning as all that is contained in the card image.Presumably you used one of the serial cables with the Watchguard OS before you wiped the card?
Steve
-
Had to use the Diskpart utility due to card losing capacity. I guess windows didn't like the card. it would drop from 8gig down to 1.8gigs and would not let me write to it. Diskpart would bring it back to 8gigs and allow me to write the img. Not sure why, anyway also tried a new CMOS battery which didn't help. :'(
-
Seeing a 1.8GB partition would be righf if you had written it with a 4GB image previously.
Physdisk shouldn't have a problem wrting to it even if whatever formatting is on it is completely screwed.
It could be that it won't see your 8GB card correctly. CF cards that big didn't exist when that box was designed.Steve
-
Steve,
Is there a way I can access the bios through PCI video card and keyboard. I googled and found a picture of a watchguard x500 with a video card and keyboard. Want to give this a try.
-
Yep, pretty much just as shown in the picture. You need PCI graphics card, which are not common these days, and a PS2 keyboard header (and keyboard).
Steve
-
Would this be the pins to connect to? If so, what are the specs for these pins for keyboard?
-
Yes that's it. The pinout is given somewhere here on the forum, in the X700 thread I think. It's a standard pinout though if you already have a ps2 header cable. Of course they were found on PCs that came with an AT keyboard as standard but those are rare now. ;)
Steve
https://forum.pfsense.org/index.php?topic=20242.0
-
Steve,
Very cool. Going to look for a cheap PCI card on eBay and try this. Thanks for the help.
-
Okay… got some progress here. Bought a PCI card and did the keyboard setup and was able to get into the bios. I was able to fix the boot error but now I'm getting this issue while trying to install pfsense "ad1: TIMEOUT/FAILURE-READ DMA". Do you have any ideas of a fix.
-
Ok, so the CF slot on the Watchguard box doesn't have the IDE DMA lines connected. That's common to many CF slots. If your card is new and fast enough it will support DMA and will be reporting to the OS and BIOS that it's DMA capable. pfSense tries to use DMA and you get errors as you're seeing.
For this reason DMA is disabled in the NanoBSD snapshots. However it isn't disabled on the Nano+VGA snapshots because those were originally built for a box that required DMA to boot. I assume you're booting the Nano+vga image because you're running the PCI card? You need to disable DMA by doing this:
https://doc.pfsense.org/index.php/Boot_Troubleshooting#Disable_DMA_for_IDE_drivesSteve
-
Okay got it…. disabled DMA... still stuck..trying to add line to boot loader. Keep on getting a /boot/loader.conf.local: not found. Where do I enter this text?
Stuck at this point.
After the installation, add the following line to /boot/loader.conf.local:
To disable DMA for hard drive(s):
hw.ata.ata_dma=0To disable DMA for optical drives:
hw.ata.atapi_dma=0 -
It's not a file that's included by default you have create it. You can do this at the console (or probably via the Command screen in Diagnostics):
echo 'hw.ata.ata_dma=0' >> /boot/loader.conf.localNo need to worry about optical drives.
Steve
Edit: Yes you can do that in Diagnostics: Command Prompt:
-
Got it finally…pfsense is booting perfectly..thank you for the help Steve... Do you have a guide on lcdproc setup..downloaded the packages and nothing on LCD.... thanks again. :P
