2.4.4 fails upgrade and fresh installation



  • When I try to install 2.4.4, the installer fails with a repeated register dump

    [Image: pfsense 2.4.4 crash dump.jpg]

    I tried the upgrade from 2.4.3_1 to 2.4.4 first but received the above and it just keeps spitting this out repeatedly. So moved to fresh install and received the same.

    I tried setting the bios for UEFI only with no luck. I tried disabling CSM altogether and still getting the same

    My box is a Kaby Lake Celeron based with 6 Intel 1gb NIC ports and I’m using an msata SSD.

    I tried reverting to 2.4.3_1 which installs fine but snort and pfblocker have been updated and they cause 2.4.3_1 to crash.

    Help please


  • Rebel Alliance Developer Netgate

    That looks like a problem with your disk controller, or its driver. But it's referring to sdhci which is generally for mmc/eMMC not for mSATA disks.

    We had some issues similar to that with eMMC on certain devices with 2.4.4, the driver in FreeBSD 11.2 was trying to use a different mode than before, and the driver didn't get along too well with that.

    You might search around and see if anyone else on FreeBSD has a matching chipset issue to yours. There may be a workaround specific to your hardware.



  • @jimp the board is a system on chip Celeron 3865U which is 7th generation and supports AES-NI. The board doesn’t have a chipset to my knowledge since it’s an SoC. The board itself is a Pico ITX I believe or the size just above.

    I did reach out to the board maker to ask for a bios update. That’s the only thing that strikes me as a possibility.



  • @jimp tried switching to a standard sata based hard drive while disabling PCIe altogether with zero luck. Not sure what else to do at this point. Bout ready to give up and go to a different software set to use like Untangle or Sophos. This 2.4.4 update has rendered my unit unusable with pfsense because even if I revert to the previous version of this software, the utilities I prefer to run have been updated and will not run on the previous version of pfsense. So, I feel like this stuff should have been properly vetted before launching such a drastic system update. There is literally no reason my hardware shouldn't be supported in 2.4.4. Especially since it is secure boot capable and compliant with Windows 10 ver 1709 and MS Intune. The issue to me seems like a driver issue with something included in 2.4.4. UEFI is fully enabled in this system's BIOS by default so I am of mind that there is no issue with my hardware.

    Still waiting for some resolution here but it is starting to feel like none is coming.


  • Rebel Alliance Developer Netgate

    We cannot possibly test every combination of hardware we do not sell. 2.4.4 was in beta for a very long time. At any point you could have tested it out on that hardware.

    Additionally, the problem appears to be a FreeBSD compatibility issue -- something which we do not have any control over.

    Try to replicate the problem on FreeBSD 11.2 and open an issue upstream with FreeBSD if/when the problem still happens there.

    The error you show appears to be from mmc/eMMC like I said and not a SATA/mSATA/m.2 disk, so it's also possible that is something you need to disable on the board or in the BIOS, or find a FreeBSD device hint that matches your hardware to put in at the loader prompt to disable the controller (like hint.sdhci.0.disable=1) or maybe some other related tunable like hw.sdhci.enable_msi=0 or some combination of hw.sdhci.quirk_set and/or quirk_clear, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228340



  • @jimp The problem, I never get far enough to do any of this. The image above is what happens when I try to fresh install. The system simply never starts the installation and therefore no console options appear. Even if I upgrade and reboot, what is shown in the photo occurs in the boot and pfsense never starts up. Essentially, the system is prevented from even loading or installing.


  • Rebel Alliance Developer Netgate

    You can add those to /boot/loader.conf.local before upgrading, or either way you can do that at a loader prompt. At the boot menu, choose the loader prompt option. If no boot menu shows up, press space when you see the loader spinner (|) moving.



  • @jimp Sorry for the extreme delay in getting back to you. Let me make sure I got this correct. Go to fresh install and when I see the spinning (|), press space to bring up a prompt and type /boot/loader.conf.local? I'm not familiar with the command line side of pfsense but if you can explain this a little further that would be great. I've been using untangle for the last month because I am unable to load 2.4.4 and I'm itching to get back to pfsense. Are there some other screenshots I can post to help the troubleshooting process out?


  • Netgate Administrator

    If you are coming from 2.4.3 you can just add those values to the file /boot/loader.conf.local before you upgrade. You may need to create that file.

    If you are installing 2.4.4 fresh, or have already upgraded and it won't boot, you need to set those values at the loader prompt in order to allow it to boot and then add them to the file.
    That process is detailed here for disabling ACPI but obviously you would want to disable sdhci instead:
    https://www.netgate.com/docs/pfsense/hardware/boot-troubleshooting.html#disabling-acpi

    Let us know if that helps. That has worked for others in your situation though.

    Steve


  • Netgate Administrator

    Looking at the actual error you're seeing you might also try:
    hint.sdhci_pci.1.disabled=1

    Steve



  • @stephenw10 How do I do this on a blank installation? As in there is nothing installed on the box currently and no previous version to edit commands on.



  • @stephenw10 Sorry bro but after 4 months, I am still no further with fixing this situation and this forum either doesn't understand the problem or doesn't know how to fix it. I have clearly stated that the system is blank and pfsense will not install. So there is no means to update or edit commands. Plus, the few links that have been posted so far all seem to want me to update and fiddle with commands in a running system which this is not.

    So here I am, 6 months since pfsense updated to this new code and I am no closer to fixing it. I understand none of the people in this forum want to do any more than issue hints instead of fixes. Fact is though that unless I get this going, I will stop recommending pfsense to my clients and choose other vendors.



  • @jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

    Fact is though that unless I get this going, I will stop recommending pfsense to my clients and choose other vendors.
    so please help me or lose my client base. Oh, and to be clear, all the help hints issued so far, I don't understand them whatsoever so they are not helpful whatsoever.

    Given that you obviously aren't using Netgate/pfSense hardware the loss won't be that big.

    You have already been given information on how to proceed:

    @jimp said in 2.4.4 fails upgrade and fresh installation:

    You can add those to /boot/loader.conf.local before upgrading, or either way you can do that at a loader prompt. At the boot menu, choose the loader prompt option. If no boot menu shows up, press space when you see the loader spinner (|) moving.

    @stephenw10 said in 2.4.4 fails upgrade and fresh installation:

    If you are coming from 2.4.3 you can just add those values to the file /boot/loader.conf.local before you upgrade. You may need to create that file.

    If you are installing 2.4.4 fresh, or have already upgraded and it won't boot, you need to set those values at the loader prompt in order to allow it to boot and then add them to the file.
    That process is detailed here for disabling ACPI but obviously you would want to disable sdhci instead:
    https://www.netgate.com/docs/pfsense/hardware/boot-troubleshooting.html#disabling-acpi

    Let us know if that helps. That has worked for others in your situation though.

    Steve

    If none of this works then you should choose better hardware.





  • @grimson

    Look, let’s start over here.

    The system is completely blank having a new SSD installed.

    Let’s take a step back. I create the install media and boot the system off of it. It boots the media and before giving any prompts or (I) spinning pipes, I get the error in the photo in the beginning of this thread.

    I have pored through the system BIOS which is quite extensive but find no reference or option for sdhci.

    I have checked the vendor site for a BIOS update but none exist. It’s an Intel 7th generation multicore SoC based system with 16gb of ram and a 120gb SSD. All running on a 35watt tdp package.

    So being that there is no installed system in the drive, how do I access or edit a loader.conf file? This has been my dilemma. If someone could answer that I’d be very thankful.

    For my clients. They are building a large data center and I am in the process of building them security appliances with them planning on purchasing a large support contract with netgate.



  • @jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

    Let’s take a step back. I create the install media and boot the system off of it. It boots the media and before giving any prompts or (I) spinning pipes, I get the error in the photo in the beginning of this thread.

    Well if the basic loader already fails you need to choose different/better hardware, especially if this will be a core part of a large production setup. It's as simple as that.

    If your clients are willing to pay a large support contract, a few bucks for a fitting pfSense appliance shouldn't be a problem.



  • @grimson they don’t want to waste funds buying non-repairable hardware and rely on warranty services to replace whole systems. It’s a waste of time and only contributes to the already massive e-waste issue.

    Using built systems that can be repurposed or repaired with off the shelf parts and put back into service quickly is what they want.

    Pfsense made appliances only serve one purpose. An assembled system such as I’m building can be repurposed to another platform or use at a moment’s notice.

    So let’s leave “better hardware” comments out shall we.


  • LAYER 8 Rebel Alliance

    You don't even see this screen when booting the Installer?
    [Image: pfSense_boot.png]

    -Rico



  • @jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

    So let’s leave “better hardware” comments out shall we.

    Your current hardware has issues booting with FreeBSD 11.2, so your choices for running pfSense on it are:

    • Try workarounds like the ones mentioned here.
    • Use different hardware
    • Create a bug report with the FreeBSD devs and hope they can fix it, after that wait for a pfSense version that uses a FreeBSD base containing the fix.

    Try to boot FreeBSD 12, if that works you could be lucky and use the upcoming pfSense 2.5.0 builds.



  • @rico it will appear briefly but not show a spinning pipe (I) symbol.

    The system is an Intel 7th gen Quad Core with 16gb Ram and SSD. It’s really fast.



  • @grimson I hope this works out. When is 2.50 coming?

    Boot FreeBSD 12? I’ll try that and see what happens.

    Do you have a link for a distro I can download?

    Is it possible that my hardware is just too new? It worked fine in 2.4.2 and 2.4.3


  • LAYER 8 Rebel Alliance

    And with this image you can verify the problem with your hardware is upstream pfSense in FreeBSD 11.2: https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.2/FreeBSD-11.2-RELEASE-amd64-bootonly.iso

    -Rico



  • @jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

    Let’s take a step back. I create the install media and boot the system off of it. It boots the media and before giving any prompts or (I) spinning pipes, I get the error in the photo in the beginning of this thread.

    @jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

    @rico it will appear briefly but not show a spinning pipe (I) symbol.

    You said nothing shows up, and now it does show up? What is it now?

    If it does show do what it tells, hit Escape and go from there.



  • @rico

    I’ll try that when I get home.

    I’m a huge fan of snort and it is one of about 3 reasons I push pfsense but fact remains that I’m getting these errors on a lot of systems that all worked with previous versions of pfsense


  • Rebel Alliance Developer Netgate

    As it boots, just keep whacking the space bar.

    In the next few days we'll have 2.5.0 snapshots to try, based on FreeBSD 12, which is more likely to help.



  • @jimp if I do this and if I get a prompt, I’m unclear as to what I need to do with this file that’s been mentioned

    /boot/loader.conf.local


  • LAYER 8 Rebel Alliance

    [Image: pfSense_boot_loader-prompt.png]

    -Rico



  • @rico

    Perfect. This is exactly what I have been asking for. Thank you so much.

    On my way home and will give that a shot when I get there.



  • @rico

    Big shout out here cause this worked and the system is installing now.

    I’ll post again after it’s all up and running and report any further issues



  • @rico

    Sir, pfsense is running great. However, anytime a reboot occurs, I gotta enter the disable=1 string in your photo. How do I automate this so it can reboot unattended?


  • LAYER 8 Rebel Alliance

    Now to make it persistent run
    echo "hint.sdhci_pci.1.disabled=\"1\"" >> /boot/loader.conf.local
    after booting from console or SSH.

    -Rico



  • @rico

    To make sure I’m following you

    Open >> "/boot/loader.conf.local” using the pfsense file editor”

    And add echo "hint.sdhci_pci.1.disabled="1"" to the bottom of the file.

    Save then restart the system.



  • echo "hint.sdhci_pci.1.disabled=\"1\"" >> /boot/loader.conf.local
    

    is the same thing as opening the file /boot/loader.conf.local and adding
    hint.sdhci_pci.1.disabled="1"
    in it.



  • @gertjan

    I’m in the file system now. A file called loader.conf.local does not exist. However, a file called loader.conf exists and I made a copy of it and renamed to loader.conf.local and edited that file with the line above.

    EDIT: just tried this and it didn’t work. Obviously I’m missing something?


  • LAYER 8 Rebel Alliance

    Just login via SSH and type or copy/paste
    echo "hint.sdhci_pci.1.disabled=\"1\"" >> /boot/loader.conf.local
    reboot and that's it.

    -Rico


  • Netgate Administrator

    The file: /boot/loader.conf.local should contain only the line:
    hint.sdhci_pci.1.disabled=1

    You might add more stuff to it later but since you had to just create it it shouldn't right now.

    Steve
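
The persistent fix from the posts above, as an added example that is not part of the thread or of pfSense: repeating `echo ... >>` appends a duplicate line each time, so this sketch rewrites the file so the hint appears exactly once and creates the file when it is missing. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): set a loader tunable exactly once.

# loader_hint_value FILE KEY -> prints the last value assigned to KEY, quotes stripped.
loader_hint_value() {
    awk -v k="$2" '
        { l = $0; sub(/^[ \t]+/, "", l) }
        index(l, k "=") == 1 { v = substr(l, length(k) + 2); gsub(/"/, "", v); last = v }
        END { print last }
    ' "$1"
}

# set_loader_hint FILE KEY VALUE -> FILE ends up with exactly one KEY="VALUE" line.
set_loader_hint() {
    file=$1; key=$2; value=$3
    # A fresh install has no loader.conf.local; start from an empty file,
    # not from a copy of loader.conf.
    [ -e "$file" ] || : > "$file" || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Copy every line except earlier assignments of KEY, then append the new one.
    awk -v k="$key" '
        { l = $0; sub(/^[ \t]+/, "", l) }
        index(l, k "=") == 1 { next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s="%s"\n' "$key" "$value" >> "$tmp"
    # Replace the file in one rename so a crash cannot leave it half-written.
    chmod 644 "$tmp" && mv "$tmp" "$file"
}

# Demo on a constructed sample file in a temp directory (not the real /boot).
demo() {
    dir=$(mktemp -d) || return 1
    sample="$dir/loader.conf.local"
    printf '%s\n' 'autoboot_delay="3"' 'hint.sdhci_pci.1.disabled=1' > "$sample"
    set_loader_hint "$sample" hint.sdhci_pci.1.disabled 1
    set_loader_hint "$sample" hint.sdhci_pci.1.disabled 1   # second run changes nothing
    cat "$sample"
    rm -rf "$dir"
}
demo
```

On the firewall itself the call would be `set_loader_hint /boot/loader.conf.local hint.sdhci_pci.1.disabled 1`, run as root from the console or SSH.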



  • @stephenw10

    Thank you much. I did this and it worked like a champ. It’s now booting automatically without needing interaction.



  • @stephenw10 @Rico If I may ask, what is SDHCI and why is it now becoming a problem?


  • Netgate Administrator

    SDHCI is the FreeBSD driver for the SD card bus. For whatever reason it is not playing nicely with the hardware on your board (and a number of other boards). As jimp referred to above the upgrade to FreeBSD 11.2 brought some changes to that driver including the ability to use a different mode which seems incompatible here. If you really needed that you might be able to force it to use the lesser mode but that's not something I've ever tried.

    https://www.freebsd.org/cgi/man.cgi?query=sdhci&apropos=0&sektion=0&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html

    Steve

