Troubleshooting Boot Issues¶
The errors in this article would happen during bootup, typically the first boot either from the install media or immediately after installation. If the system was up and running but then developed a boot issue with no changes in the software/OS, it isn’t likely to be related.
Booting with an alternate console¶
To boot a different console, first get to a loader prompt. Either choose the menu option from the boot menu, or when Hit [Enter] to boot immediately, or any other key for command prompt. is seen during the boot process, press space or another key.
Once at the loader prompt, type the following to boot with the serial console active:
set console=comconsole
boot -v
Similarly, if a serial memstick image is used that prefers the serial console, the video console can be used instead as follows:
set console=vidconsole
boot
Booting from USB¶
If booting fails from a USB 3.0 port and the above does not help, try a USB 2.0 port with the same delay settings. Similarly, if it fails with a USB 3.0 thumb drive, try a USB 2.0 thumb drive. Drive capacity can also make a difference, where some older hardware may not be able to boot large capacity USB drives.
If the boot stops with a mountroot error while booting off the installation disc, usually with USB CD/DVD drives, escape to the loader prompt and run the following:
set kern.cam.boot_delay="10000"
boot
Note
pfSense® software applies this change already when it detects the need, but there may be some edge cases where it should be handled manually.
At which point the boot will continue normally and a normal installation will be possible.
If running permanently from a medium that requires this delay, add the following as a Loader Tunable:
kern.cam.boot_delay="10000"
Multiple Disk Boot Issues¶
If a system has multiple disks and pfSense software has been installed on both, it is possible they may conflict in one or more ways.
For details in troubleshooting this type of situation, including identifying which drive the operating system is using, see Troubleshooting Multiple Disks.
EFI Boot Issues¶
Occasionally certain devices or hypervisors may have issues booting pfSense software via EFI. There can be multiple issues here even if they preset using similar symptoms.
A few items to check are:
Ensure the BIOS is up-to-date from the OEM
For hypervisors, ensure the hypervisor OS/Software is up-to-date
Ensure Secure Boot is disabled in the BIOS settings.
For Virtual Machines on Proxmox® VE, check the recommended settings as described in Booting UEFI. In particular, adding a Serial Port to the VM hardware may improve EFI boot behavior. Shut down/power off the VM and start it back up after adding the port to ensure it’s fully added.
If the BIOS supports both Legacy and EFI booting, the boot selection menu may contain two entries for the installation media (Legacy and EFI), try the EFI entry first.
If the system boots the ISO OK but not the installed OS, dismount the ISO image and/or remove the virtual optical drive from the VM and try again.
Some EFI-capable BIOS implementations have a method to reset the boot list entries. Resetting or clearing this list may help, though in some rare cases resetting the list may require reinstalling pfSense software afterward.
If all else fails, fall back to booting using Legacy mode if possible. The BIOS may need to be adjusted to allow that behavior.
GPT Boot Issues¶
Some systems may fail to boot a 2.4 memstick because they do not fully support booting from GPT or they are particular about the layout or other attributes.
In these cases, the memstick can be modified using another firewall running pfSense software version 2.3 or later, or with a FreeBSD 10.x or later system.
Insert the memstick into the device with the pfSense or FreeBSD installation and
check the system log or dmesg output to find the device name, such as da1.
First, try to set the partition on the memstick active:
gpart recover da1
gpart set -a active da1
Remove the memstick and attempt to boot the memstick on the target hardware. If it works, be sure to only use compatible options in the installer. In this case, if the BIOS requires an active GPT partition then either of the following installer choices will work:
Auto (UFS) requires the Partition Scheme BSD (BSD Labels)
Auto (ZFS) requires the Partition Scheme GPT + Active (BIOS)
Other platforms may need more changes to the memstick, including:
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 2 da1
gpart set -a bootme -i 2 da1
In this case the hardware may not be capable of booting ZFS, but use the same option above for UFS with BSD Labels which should work.
In either case, depending on the BIOS and hardware capabilities, similar modifications may be made to the installation target disk to use other partition schemes not listed above, but that has not been tested internally.
BIOS/Disk Errors¶
If after installation, a “cannot load kernel” error is observed, or the firewall hangs at the spinner (
/):Make sure BIOS is up to date
Reinstall but do not check the packet mode option during boot block installation process
Set the HDD mode in BIOS to LBA (don’t use “auto”, the detected geometry is different if it is set to auto and it fails)
Set the HDD mode in BIOS to CHS if the above fails
Set AHCI mode in the BIOS
Try using multiple partitions, one small one (~4GB) for
/and another for/usrusing the rest of the disk.If the installer fails to start correctly (system reboots), try the following (attempt each substep, then rerun the installer each time):
Make sure BIOS is up to date
Change the hard drive ribbon/SATA cable
Force a slower speed in the bios for the channel
Boot from another disk and run: (note that ad0 is the first ata hard drive):
# dd if=/dev/zero of=/dev/ad0 bs=8k count=16 # fdisk -I ad0
If all those fail…
Partition from a FreeBSD Live CD or Linux
Different hard drive
Different hardware entirely that isn’t prone to legacy booting issues
DVD Errors¶
If the installer disc starts to boot but hundreds of errors are printed, try:
Make sure BIOS is up to date
Use a USB memstick instead
Burn the disc at a slower speed
Change the DVD drive cable
Different DVD drive
Boot Blocks/Loader Issues¶
If a read error occurs during boot, please see this Boot Error.
If FreeBSD will boot but not pfSense, try booting from a FreeBSD Live CD and running the following (More Info):
# fdisk -B -b /boot/boot0 /dev/ada0 # bsdlabel -B /dev/ad0as1
Note
ada0is the first hard drive in that example
Vendor-Specific Issues¶
Certain Dell Blade servers may hang at boot if the system’s virtual USB media is enabled. Disable the virtual media in the BIOS and then it should boot normally.
Certain systems running Hyper-V on AMD processors may need to do the following:
Escape to the loader prompt during bootup and run:
set hw.clflush_disable=1 boot
At that point, boot the rest of the way and install pfSense software. After installation, add the following line as a Loader Tunable:
hw.clflush_disable=1
If all else fails, Netgate offers Netgate TAC and hardware through the Netgate Store that is pre-loaded with pfSense Plus software.
“Fake” RAID cards with a GRAID error¶
Certain “fake” RAID cards, driver/software-based RAID adapters that are not true hardware RAID, may fail to mount properly with the following error:
Root mount waiting for: GRAID
mountroot>
Another symptom can be that “Intel RAID” messages are shown during the boot sequence, and typing ? at the mountroot prompt it only shows the drive itself and no partitions:
Mounting from ufs:/dev/ada0s1a failed with error 19
mountroot> ?
[...]
ada0
Escape to a loader prompt during bootup and run:
set kern.geom.raid.enable="0" boot
After a successful install/boot, add that settings permanently as a Loader Tunable:
kern.geom.raid.enable="0"
Conflicting Hardware¶
If the system stops with an error such as:
run_interrupt_driven_hooks: still waiting after 60 seconds for xpt_action
Disable any Firewire/1394 controllers and built-in USB Card Readers in the BIOS.