Pfsense firewall issues: cannot get an exclusive lock

When you are running a Pfsense firewall box everything will almost always run smoothly. The most typical error  scenario will happen when the system’s power gets turned off by accident – or just by a good old-fashioned power failure. When the power fails your Pfsense box might be doing something important and what will usually happen is that the database of the firewall will get locked down.

When you reboot your firewall you are likely to see an error message saying something like cannot get an exclusive lock. Regardless of whether or not you will see the error message you will have and endless reboot loop, which fires up just after the Pfsense message saying somehting like ”filesystem marked as clean”. You will also see many lines of code rapidly appearing to the screen just before your system goes and reboots. The reboot loop will continue until you will fix the Pfsense disk and remove all the locks that it has. The previous might sound difficult but it is actually quite easy to do.

Step 1.First you need to connect HDMI/VGA/DVI cable to your Pfsense box along with a keyboard. We need to use a bit of console to get things done.

Step 2.Once you have connected everything(your keyboard and your display) power up the Pfsense box and when the Pfsense boot menu appears select boot from the option 2: single user mode.

Step 3. The single user boot will stop loading and says something like ”Enter full pathname of shell or RETURN for /bin/sh:” Press enter at this point.

Step 4. Now that your are in the shell environment type the following command to mount your Pfsense´s root drive where all your files usually are:

Note. You you should already be a root user but on some occasions you still might need to execute su root before typing the command below (this is rare though)

mount -o rw /

The command above mounts your Pfsense partition as read and write capable, which is what we need since we must fix the device(and thus write to it).

Step 5. Run fsck command to fix the disk. When you run this command it is generally a good idea to select y to everything when the Pfsense asks you if you would like to salvage/recover stuff. Run the fsck command at least 3 times just to be certain that everything will go well. When my first time of fsck was done with Pfsense there still were some errors, which only went away after the second time. The third time is usually just for making sure that everything actually worked out.

Once you believe everything is ok then just type reboot and your Pfsense box will most likely resume its normal functionality.

Added note. I have noticed that generally it might be a bad idea to try to change your LAN interface device within a GUI. The previous might also lead to a database lock if things go badly. So, if you want to change your interface mappings in full then do that in the command-line environment instead.