Fixing bad Intel NIC settings from UEFI

Today, a storm coming through the Dallas area managed to cause a power surge.  Most of my electronics are fine, but the router, a repurposed McAfee S1104 firewall running pfSense, wouldn’t come up properly.  Interfaces em0 and em1 came up mostly OK, but em2 and em3 wouldn’t.

A little checking using dmesg showed an error thrown for each interface (EEPROM checksum is not valid), so pfSense wouldn’t load the interfaces.  After some searching online (painfully slow over tethered LTE), I found someone who tried to fix their issues by using an Intel utility called bootutil.  (It didn’t work for them, but it was still a lead.)

I found the Intel page for it, and downloaded the Windows/EFI utility pack, preboot.exe.  I extracted this to a USB drive, and went through approximately the following steps.  There may be some things a little off as I didn’t actively record it, but something like this should work in the future.

  1. Boot into the EFI shell.  In my case, this involved bringing up the Boot Menu by pressing F7 and selecting from the list, but some motherboards look for F12 or other keys and some enter it from within Setup.
  2. Change to the USB device.  This will vary based on your system.
  3. Move to the appropriate directory.  You’ll want to end up in EFIx64 if you’re on an x86_64 processor or EFI64 if you’re on an Itanium CPU.
    cd APPS
    cd BootUtil
    cd EFIx64
  4. Run the utility to list the NICs.
  5. For each listed NIC, reset it to the default configuration.  I had four, so I ran the following commands.
  6. Reboot the system.

Unfortunately, pfSense didn’t get everything quite right.  I still had to configure the LAN NIC (em3) to get some remote access level.  Fortunately, after each configuration change, pfSense saves a config backup, so I was able to restore from that from within the interface itself (option 15, Restore recent configuration).  After one more reboot, everything was working as it should.  I got up and running much faster than if I had to completely rebuild things (there’s a lesson about backups in here, I’m sure).

Still, resetting the NIC saved me the cost and time of buying a new 4-port Intel NIC, which aren’t cheap.  Here’s to digging around in the parts we don’t usually see.

Fix for Wireshark locking up in Windows 8.1

I’ve been puzzling over why Wireshark seems to lock up when launching on Windows 8.1 and dumpcap.exe sits in the background even after Wireshark is forced to close.  Some experiments from the command line showed that any time dumpcap.exe tries to use some aspect of its capture behavior (including just listing interfaces), it locks up.  Various tools suggested that it was waiting for some external event to allow it to close.

I finally learned from an Ask Wireshark post that it was due to WinPCAP not starting on demand.  The solution is simple:

  • Change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start to value 0x03 (SERVICE_DEMAND_START).
  • Reboot.
  • Enjoy packet capturing goodness.

I believe this is an issue with WinPCAP and not Wireshark.  There’s an alternate solution of running Wireshark in Windows 7 compatibility mode, but I try not to run things in compatibility mode unless there’s really no other way to do it.