Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 17 replies
  • Subscribers 3 subscribers
  • Views 30938 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED 10 Rev. 3 Boot loop with LED Sequence *video*

JonnyRocket
I have a RED 10 at a remote location that has the following LED sequence: https://www.youtube.com/watch?v=segvsK0_1_Q 

It seems to do this for a few minutes and then reboot.  I can ping it remotely while it is doing this sequence, but then drops which I'm assuming it is resetting itself.  The troubleshooting guide doesn't mention this sequence: https://www.sophos.com/en-us/support/knowledgebase/116573.aspx The closest it gets in the firmware update, but that is only on Rev. 1 devices, and this is a Rev 3. 

I am not at the location, so I haven't tried using the firmware recovery tool, but I may have to drive over there.  Any thoughts or suggestions?


This thread was automatically locked due to age.
  • 0 in reply to oxident
    I've tried a few more things and I really think the problem is caused by a defective rootfs partition. When using telnet to get into the boot console (RedBoot), the "fis list" command only prints out the "zImage" partition. My other REDs are also showing "rootfs" and "rootfs_data".

    After digging around I even found a way to dump those missing partitions from another RED and flashing them to the defective one. But unfortunately, the RED-ID seems to be inside of them, effectively producing an 1:1 clone of my working RED ;-)

    If I using a hex editor to change the RED-ID, the device fails to boot up again, maybe because of a wrong checksum or wrong certificate inside the device...

    Has anyone tried something similar?


    I think you crashed the RED appliance [:)]
    As far as I know, when the root_fs is damaged, it should connect to the RED servers and flash it. You removed also the identity... Not sure if you remove it again... maybe the RED ID is also stored on the "pre-boot" system...
  • 0 in reply to 127.0.0.1
    I think you crashed the RED appliance [:)]

    Yes, absolutely sure about that but I can assure that every partition (including the one with the identity) "went away" from one day to the other. [8-)]

    But somehow I have a feeling that it could be repaired "easily" because it seems that the unit is physically fine.

    If I've understood you correctly than the firmware layout for the RED consists of three parts:
    zImage - generic loader (aka initial ram disk)
    rootfs - root file system (including Sophos' binaries)
    rootfs_data - specific data partition (unique for each single RED)
  • 0
    Have you tried flashing the RED with the utility available on the KnowledgeBase?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Yes ... But unfortunately, the utility contains only the initial ramdisk (zImage) and still needs an intact identity partition (which seems to be signed by a public certificate) :-(
  • 0
    Hi Jonny,
    I know the issue you are facing; it's a really rare corner case. Please contact your partner or the technical support.
    Greetings,
    Andreas
  • 0
    Unfortunately, that's not an option for me because my unit's production date is 11/2013 and there's no extended warranty.
    In the meantime I've done some efforts in editing the JFFS2 part and the RED now boots up again. But it seems that it still lacks some kind of device specific certificate to become provisioned.
    I guess Sophos won't supply me with a copy of this? ;-)
  • 0 in reply to oxident

    Hi,

    It seems, I ran into the same issue after UTM up2date to 9.510-5 incl. firmware updates to connected REDs and APs. While I did this several times, there have never been some serious problems, but now the RED 10 rev.3 never went back online. I am experiencing the same boot loop as described above. Also have no warranty / support. AP/RED recovery tools seems not to work with Windows 10. Error message: "Could not change network interface settings - Flash aborted". Recovery tool runs in administrator's context, firewall disabled, used NIC  is DHCP, IPv4 and IPv6 on.

    Any ideas?

    Thank you.

Unfiltered HTML