Archive for 2010
Install FreeBSD on a ZFS pool that’s mirrored using GPT partitions
by Greg on Aug.30, 2010, under FreeBSD
Here are my notes for ZFS root installation with FreeBSD 8.1. (amd64 on my system)
Boot up the FreeBSD install disk; you’ll need one with the Fixit system. In the examples listed, I had 2 disks, ad4 and ad6. Yours may be different, so replace as necessary.
1. Add the modules on boot: hit “6” at the BTX loader menu, then enter these lines at the “OK” prompt.
load ahci.ko
load opensolaris.ko
load zfs.ko
boot
2. At the sysinstall menu, go to Fixit.
3. Create the GPT disks and partitions.
- Delete any partitions already on the disk, and destroy. (only if needed) On my disks, I had 2 partitions created from another OS installation. “-i 2” indicates the partition number. You may need to add a third or more.
gpart delete -i 2 ad4
gpart delete -i 1 ad4
gpart delete -i 2 ad6
gpart delete -i 1 ad6
gpart destroy ad4
gpart destroy ad6
- Create the gpt disk.
gpart create -s gpt ad4
gpart create -s gpt ad6
- (NOTE: “gpart show” and “gpart show -l” will display the partitions.)
- You may want to layout different partitions, but we’ll just create a boot, swap, and zfs partition here, with GPT labels. (swap is better left off ZFS for crash dumps)
gpart add -s 128 -t freebsd-boot -l boot0 ad4
gpart add -s 128 -t freebsd-boot -l boot1 ad6
gpart add -s 8388608 -t freebsd-swap -l swap0 ad4
gpart add -s 8388608 -t freebsd-swap -l swap1 ad6
gpart add -t freebsd-zfs -l disk0 ad4
gpart add -t freebsd-zfs -l disk1 ad6
- Next, add the bootcode to the disk.
gpart bootcode -b /dist/boot/pmbr -p /dist/boot/gptzfsboot -i 1 ad4
gpart bootcode -b /dist/boot/pmbr -p /dist/boot/gptzfsboot -i 1 ad6
4. OK, now we’ve got some GPT disks set up for a mirror and boot.
IMPORTANT!!! Make sure you don’t skip this step, create the /boot/zfs directory for the zpool.cache.
mkdir /boot/zfs
5. Now we can start the ZFS fun! On the FreeBSD wiki and on other sites I used as reference, there may be listed other options and settings for your ZFS layout. Here, I am going to keep it very simple, but I’ll list out my options later.
Also, you may prefer different names or even a separate location/directory/ZFS filesystem for your root pool. My preference is to call the root pool “rpool” and place the FreeBSD system in the ROOT filesystem. (looks like this: rpool/ROOT) In addition, my preference is to place “/home” outside of the ROOT fs, which allows us to separate system from data and makes management of snapshots more flexible. But this is totally a preference thing. One of the beautiful things about ZFS is the flexibility and ease of use.
- Let’s create the pool. Notice the gpt/disk# items, which correspond to your gpt labels. Also, we’ll disable a mountpoint on rpool.
zpool create rpool mirror gpt/disk0 gpt/disk1
zfs set mountpoint=none rpool
- Add the ROOT filesystem. Again, here you may prefer to add all ZFS filesystems for places like /usr, /var, /tmp, and other system locations. I don’t recommend it, but in this example we’ll keep it all in one filesystem, except /home.
zfs create -o mountpoint=/mnt rpool/ROOT
zfs create -o mountpoint=/mnt/home rpool/home
(OPTIONAL file systems)
zfs create rpool/ROOT/usr
zfs create -o compression=lzjb -o setuid=off rpool/ROOT/usr/ports
zfs create -o compression=off -o exec=off -o setuid=off rpool/ROOT/usr/ports/distfiles
zfs create -o compression=off -o exec=off -o setuid=off rpool/ROOT/usr/ports/packages
zfs create -o compression=lzjb -o setuid=off rpool/ROOT/usr/src
zfs create rpool/ROOT/var
zfs create -o exec=on -o setuid=off rpool/ROOT/tmp
6. Install the base system. We’ll be installing the system into the /mnt directory for now, but we’ll change those mounts later.
cd /dist/8.1*
export DESTDIR=/mnt
for dir in base catpages dict doc games info lib32 manpages ports; do (cd $dir ; ./install.sh) ; done
cd src ; ./install.sh all
cd ../kernels ; ./install.sh generic
cd /mnt/boot ; cp -Rlp GENERIC/* /mnt/boot/kernel/
7. Edit /mnt/boot/loader.conf and add these lines.
ahci_load="YES"
zfs_load="YES"
vfs.root.mountfrom="zfs:rpool/ROOT"
8. Edit /mnt/etc/rc.conf and add these lines. I have re0 as my network interface; yours may be different.
zfs_enable="YES"
ifconfig_re0="DHCP"
hostname="systemname"
9. Edit /mnt/etc/fstab and add these lines. Setup your swap.
/dev/gpt/swap0 none swap sw 0 0
/dev/gpt/swap1 none swap sw 0 0
10. Copy the zpool.cache. IMPORTANT!!!!! Don’t forget this step!!
cp /boot/zfs/zpool.cache /mnt/boot/zfs/zpool.cache
11. Export this…
export LD_LIBRARY_PATH=/dist/lib
12. Unmount ZFS filesystems and set the correct mountpoints for the new root to boot. If you setup other/optional zfs filesystems, then you’ll want to set their correct mount points, too.
zfs umount -a
zfs set mountpoint=legacy rpool/ROOT
zfs set mountpoint=/home rpool/home
13. Set the bootfs property of the pool to rpool/ROOT
zpool set bootfs=rpool/ROOT rpool
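A pre-reboot sanity check for the steps above, as an added example that is not part of the original post: run it after step 10 and before step 12 unmounts /mnt. The function names are made up for this example, and it assumes sh and grep are usable from the Fixit shell.

```shell
#!/bin/sh
# Added example: checks the new root under DESTDIR for the files and
# settings the install steps depend on. Function names are hypothetical.

# has_line FILE ERE: true if FILE has an uncommented line starting with ERE
has_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"
}

# check_zfs_root [DESTDIR] [BOOTFS]
# Prints one line per problem; the return status is the number of problems.
check_zfs_root() {
    dest=${1:-/mnt}
    bootfs=${2:-rpool/ROOT}
    problems=0
    fail() { echo "MISSING: $1"; problems=$((problems + 1)); }

    # Step 6: the kernel was copied into /boot/kernel
    [ -f "$dest/boot/kernel/kernel" ] ||
        fail "$dest/boot/kernel/kernel (step 6)"

    # Step 7: loader loads ZFS and mounts root from the pool
    has_line "$dest/boot/loader.conf" 'zfs_load="YES"' ||
        fail "zfs_load in $dest/boot/loader.conf (step 7)"
    has_line "$dest/boot/loader.conf" 'vfs\.root\.mountfrom="zfs:'"$bootfs"'"' ||
        fail "vfs.root.mountfrom=zfs:$bootfs in $dest/boot/loader.conf (step 7)"

    # Step 8: ZFS filesystems such as /home get mounted at boot
    has_line "$dest/etc/rc.conf" 'zfs_enable="YES"' ||
        fail "zfs_enable in $dest/etc/rc.conf (step 8)"

    # Step 9: at least one GPT-labelled swap entry
    has_line "$dest/etc/fstab" '/dev/gpt/swap[0-9]+[[:space:]]+none[[:space:]]+swap' ||
        fail "swap entry in $dest/etc/fstab (step 9)"

    # Step 10: the pool cache must exist and be non-empty
    [ -s "$dest/boot/zfs/zpool.cache" ] ||
        fail "$dest/boot/zfs/zpool.cache (step 10)"

    return "$problems"
}

# root_password_empty [DESTDIR]: true while root's password field is empty,
# which is the state this procedure leaves the system in.
root_password_empty() {
    grep -q '^root::' "${1:-/mnt}/etc/master.passwd" 2>/dev/null
}

# Usage from the Fixit shell:
#   check_zfs_root /mnt && echo "layout looks complete"
#   root_password_empty /mnt && echo "set a root password after first boot"
```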
That’s about it! Well, actually, you’ll still need to do a lot of post install stuff. (see the wiki (set passwd, time zone, etc)) This is only a very base load of FreeBSD, root doesn’t even have a password.
Keep in mind, at the time I wrote this, there is a bug in the zfs boot loader, where you can only boot from the first disk in the mirror. Kind of reduces the usefulness of a root mirror, that’s for sure. However, there is a patch that you can compile a new zfs loader with. There’s a procedure to do so, and I’ll write up a how-to on that sooner than later.
Here are the sites I used as reference, as well as the forum post on the root mirror boot issue.
http://www.b0rken.org/freebsd/zfs.html
Gpart File Exists Error on FreeBSD
by Greg on Aug.25, 2010, under FreeBSD
Tried to manually set up my disks in order to install root FreeBSD on a ZFS mirror, but following the how-tos available, I couldn’t get past the first command.
gpart create -s gpt ad0
geom 'ad0': File exists
I tried deleting the partitions/slices, even doing a “dd of=/dev/null” on my drives. But I keep getting this file exists error, which is totally less-than-helpful. Google didn’t give me much help either, but it did lead me to other info which helped.
So… delete the partitions:
gpart delete -i 2 ad0
gpart delete -i 1 ad0
In the above, I only had 2 partitions, so you may need to add a line for “-i 3” if you had a third, fourth, etc. Also, in my case I was setting up a mirror on ZFS, so I repeated all these for both drives. (ad0 and ad2, for my system)
After that, there was a ONE EXTRA thing that was needed before the “gpart create” command would work. You need to “destroy” it!
gpart destroy ad0
I was finally able to run the gpart create normally after that. If you had drives set up previously from another system, this was how I removed any partition info on them.
These are the sites I used as reference.
http://forums.freebsd.org/showthread.php?t=9777
Removing offending key in known_hosts
by Greg on Aug.05, 2010, under Uncategorized
sed -i '53d' ~/.ssh/known_hosts
Run in your home directory. Replace “53” with the line number referred to in the known_hosts error from the ssh login attempt. You need the “d”. If you had line 12, then you’ll use ‘12d’ in that sed command.
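An added example, not part of the original post: a portable version of the same fix that reads the file and line number out of the ssh error, keeps a backup, and prints the entry it removes so it can be compared against the host's real key. It avoids sed -i, which needs an extra argument on FreeBSD's sed; the function names and the sample error text in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example (hypothetical function names): remove one known_hosts line
# by number, with validation and a backup copy.

# parse_offending "ssh error text" -> prints "LINE FILE" taken from the
# "Offending ... key in FILE:LINE" line of the ssh warning.
parse_offending() {
    printf '%s\n' "$1" |
        sed -n 's/^Offending .*key in \(.*\):\([0-9][0-9]*\)[[:space:]]*$/\2 \1/p' |
        head -n 1
}

# remove_known_host_line FILE LINE
# Returns 2 on bad input, 1 if the backup cannot be written, 0 on success.
remove_known_host_line() {
    file=$1
    line=$2

    # The line number must be digits only ("53", not "53d").
    case $line in
        ''|*[!0-9]*) echo "bad line number: $line" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # '$=' prints the number of the last line, even without a final newline.
    total=$(sed -n '$=' "$file")
    total=${total:-0}
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line is outside 1..$total" >&2
        return 2
    fi

    # Keep the old file so the removed key can still be inspected or restored.
    cp -p "$file" "$file.bak" || return 1
    echo "removing: $(sed -n "${line}p" "$file.bak")" >&2

    # Write back in place so the file keeps its owner and permissions.
    sed "${line}d" "$file.bak" > "$file"
}

# Usage with a constructed error message:
#   msg='Offending RSA key in /home/greg/.ssh/known_hosts:53'
#   set -- $(parse_offending "$msg")      # $1 = 53, $2 = the file
#   remove_known_host_line "$2" "$1"
```

ssh-keygen -R hostname removes entries by host name instead of line number, which also works when known_hosts entries are hashed.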
My idea for an open alternative to Facebook
by Greg on May.05, 2010, under Internet
I am always getting ideas, and this might be a cool one. I want a new Facebook. I want to make my own version of it. Only, not centrally controlled, and not a direct single-place-to-go site to be social.
Why? Because I foresee a downfall. And because Facebook, if it’s not already there, is becoming an evil giant that not only controls your personal data, it legally owns it. Leo Laporte actually removed his account from there because of their policies. (although, he may have recreated one.) And it’s also becoming a source of malware, or rather a “vector of attack” for malware. The general public will never care about the privacy issues, even though they say they do, but that’s the problem, I think. We need something better.
We need an open-source version of it. It needs to be distributed, and federated, like email, and not centrally owned/managed on one person’s servers. It also needs security by default. Also, everything needs to be opt-in by default. It needs to be simple.
I want to build this! Guess what, Google Wave has the beginnings of this. Problem is, Wave isn’t going anywhere, and it doesn’t have the federated services yet. If it did, Wave could potentially form into what I would want. (to some extent) Another thing, guess who else created some of the needed technology? P2P networks! All the file/mp3 networks out there already created, in part, the idea I’ve got. Only they did it for file sharing. I think some of those concepts, including the way email works, could be utilized for a “Facebook-like-net-web-app” that’s cross platform.
It would take these parts: (off the top of my head)
- A peering web service, that anyone can run on their own servers.
- A web service, that connects using the peering services, anyone can run and connect to the fbnet. (FB = First Byte, by the way!)
- A web app, where one can manage their profile. (that can be hosted by anyone on existing web servers)
- A client app, like for Winblows, Mac, Linux, iPhone, Droid, etc.
Technically it works distributed like email servers do, crossed with the way P2P servers work. Only, from a user’s perspective, it’s like email meets twitter and blogs, and personal web pages, complete with public profiles, walls, status messages, and comments like Facebook has.
Kewl idea, I think. But, just like all my other ones, it’s gonna take a lot of money!
DNS settings hijacked and av.exe won’t go away. Internet turns Inertnet!
by Greg on Feb.25, 2010, under Antivirus, Networking, Windows XP
Had a fun time today cleaning off some trojans and rootkits. On this one client system, while trying to go online, the Internet turned into the Inertnet! (Hahahha! I love that one!) As usual, I have lots of ideas why, but no real evidence and clients saying “I don’t know how it got there.” Doesn’t really matter though, it’s there and I am going to clean it off. I managed to easily scan for and clean off a couple of them, but one wouldn’t detect with any scanner. AV.exe kept popping up, showing the fake windows security center and Antivirus 2010. I used Process Explorer to see the offender, but I couldn’t find the file, it was hidden.
I rebooted with UBCD4Win, found the file and deleted it. Problem is, this caused a mess in Windows. Nothing would load, I always got an “Open With” dialog box. After some Googling, I found out where to fix that in HKCR in the registry. In there, there was a setting for .exe files to open, and it was set to use av.exe in the user profile to open them! How do you like that?!!
I wasn’t able to fix that in the current user profile, it was locked down somehow. Opening in the Administrator account of XP allowed me to fix it though. The default value for “exefile” should be set to:
"%1" %*
(Just google that for more info.)
Ok, so got that all fixed. Fun how you clean off these bugs, only to leave windows all messed up after! Next, did all my final scans, tweaks and other items. (lock down IE, disable scripts/Flash/Adobe, add a windows update to Trusted Sites, and force user to use Firefox. I also changed the icon on Firefox to the one for IE so the user will pretty much always use it!) Then I tried to get all the updates caught up, only no go! Wait, I am on the same Internet connection as my system, and it works for me, why not the client system? Hmm… well they are on an isolated subnet, going through the firewall separately. (keeps their bugs off my systems!) But, wait, those are the same DNS settings?
AH! Take a look at those NIC properties in XP. DNS is hard set to 93.188.x.x! Nslookup shows that as some place at a .com.ua domain. Well, let’s fix that one, and set to DHCP like it should be! Problem solved, Windows Update works!
Fun stuff! I’ve cleaned a lot of bugs over the years, and I’ve heard of DNS hijacking, but that’s the first one I’ve seen like that.
After updating login.conf in FreeBSD
by Greg on Feb.12, 2010, under FreeBSD
I only need to update this once in a while, but twice now I’ve forgotten what to run after an update to /etc/login.conf. Run this:
cap_mkdb /etc/login.conf
Google Chrome slow and laggy
by Greg on Feb.11, 2010, under Internet
Well, if you’re like me, you probably love Google Chrome browser. And although the latest version of Firefox (3.6) is much improved in speed, it launches fast and browses quick, I still like Chrome better now that I am used to it. Especially now that it’s got my two favorite extensions, Lastpass and mouse gestures.
Anyway, to the point. Using Chrome 4.x. (It did say Beta still? weird?) Chrome has been acting kind of laggy lately on my desktop system. It opens quick, but then is slow to show any pages and on mouse clicks they pause for a second before any action. First I thought, disable any extensions. Ok, did that. Relaunched Chrome, same thing. Alright, this time I’ll remove all the extensions. Relaunch and same thing.
At this point I thought, is there some sort of weird proxy or dns thing going on here? No, not DNS. If it was, my laptop would be slow too, right? We all use the same DNS. And I even benchmarked it with DNS Benchmark at GRC.com. (search for that at that site to download, cool little tool!)
Firefox and IE don’t exhibit the same issues. Hmm… not sure about this one. Ok, fairly quick test. Uninstall Chrome, completely, including any saved/cached data. Make sure I don’t have any profile data in c:\users\username\appdata\google\chrome folder. If there is, delete that folder. (keep in mind, you will be deleting EVERYTHING saved in chrome, FYI) No big deal though, I have all my bookmarks synced on my Gmail account and I use Lastpass to store passwords and sites.
Reboot the computer, find and download Chrome again, run the installer. Get my two favorite extensions and I am in business! Now Chrome is launching fast, like it normally does! And mouse clicks are responsive again.
Just a note, it says my version is now: 4.0.249.89 (38071)
And it doesn’t say “beta” anymore.
Maybe that’s what the issue was, there was something not upgraded automagically by Google and there was still older beta code used somehow. Whatever it was, problem solved.
By the way, this is one of my favorite reasons to use Firefox or Chrome over Internet Explorer. There are many others, but this is a big one, IMHO. You can actually remove the browser and all the settings and cached data from your system. You can’t with IE. Even with the options to delete any saved data in IE, the program is still on your system, doing who-knows-what in there. The only way I know of to really clear out any issues with IE is to create a new user profile on the system, login as that user and test if IE still has an issue. If it does not, your problem is in IE in your old user account. That’s really a huge pain! Much easier to remove the program and any associated data and reload it to clear out any bugs.
Rootkit from fes.sk/files
by Greg on Feb.09, 2010, under Antivirus, Internet, Networking, PC Repair, Security, Windows XP
I had a client recently that had their browsers hijacked. Everything they typed in the browser ended up redirecting them to some test_s.php file at “www.fes.sk”. (Don’t open that, or you might end up with a virus! I just wanted people to find this in case it might help clean this bug off!)
Not sure what this virus was, but it disabled Microsoft Security Essentials and blocked even MalwareBytes and SuperAntispyware from detecting it. I couldn’t find it and I was almost to the point of just reloading the computer because in this case it would have been faster to just copy the docs off and reload Windows XP.
I thought, let’s search that URL? This was key, because it brought up some forum posts and someone mentioned HitMan PRO. www.surfright.nl/en/hitmanpro
Never heard of this program, but thought since it had a 30 day trial I’d give it a quick shot. I was very impressed, it scanned in literally a few minutes. (like 2 or 3!) It found a “Rootkit”, nothing more than that though, in a file called “ipsec.sys” in the system32/drivers directory. Then it said, “Reboot to clean.”
My client was very pleased to see it reboot, do another very quick scan, and he was able to browse the web again.
Hitman Pro was free for 30 days, but you had to activate it. I believe it has a subscription price of just under $30/year for 3 PCs. (as of 02/09/2010) That’s not too bad I think. Keep in mind though, this looks like a “remover”, not a real-time antivirus protection program. You’ll still want Norton, NOD32, MSSE, whatever you like, for that.
Now, I have to ask… because all my clients are starting to ask… why do they need this when they already have MSSE, Norton, etc? Why doesn’t the AV real-time protection actually protect them in the first place? Well, I can’t answer that one. But it drives me nuts, and it makes it worthless to pay for a subscription to Norton or McAfee (or any other) when all they do is get subverted and taken down, even if it’s the client’s fault. Because of this I will only suggest a free product for now, at least until I start seeing the “for pay” products doing what they were paid to do. And if I see a Rootkit or Trojan that I can’t easily clean off, I’ll recommend HitmanPro for now. If that can quickly remove bugs for my clients every time I use it, I’ll tell them (my clients) to use it and even purchase it as a quick cleaning tool in addition to MSSE.
Microsoft Security Essentials MsMpEng.exe using high CPU Time
by Greg on Feb.01, 2010, under Antivirus, Security, Windows 7
MsMpEng.exe – Antimalware service executable
I have Windows 7 Ultimate x64, but I think this might be problem in any version. I keep having issues with MsMpEng.exe hogging the cpu. Basically, using a large amount of resources, like 100%! It’s eating the CPU time and a lot of memory. The system will work just fine, even after running for hours, when suddenly the system slows to a crawl, almost to the point I have to reset the system. I finally narrowed the culprit to MsMpEng.exe, the scanner for MSSE (Microsoft Security Essentials).
Good news is, I think the cpu hog problem is solved! I found a link on a Google search about adding exclusions, which I suspected would be a problem for things like my backup programs. I added Crashplan and Syncback programs already, but what I found in that Google search was that you need to add the MSSE directories in C:\ProgramData to the exclusion list. WHAT!!??? Are you kidding me? MSSE doesn’t already exclude itself? Come on MS!! I really like MSSE, but that’s pretty stupid.
I went ahead and added the directories below to MSSE exclusions:
(Be sure you set your system to Show Hidden Files in Windows Explorer, because C:\ProgramData is hidden in Windows 7, and so is the “All Users” profile folder in XP.)
-- For Windows 7 --
C:\ProgramData\Microsoft\Microsoft Antimalware
C:\ProgramData\Microsoft\Microsoft Security Essentials
C:\Program Files\Microsoft Security Essentials
-- For Windows XP --
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Security Essentials
C:\Program Files\Microsoft Security Essentials
———–
Note:
1. As stated above, make sure you have enabled/showed hidden files.
2. You may need to search your system for “Microsoft Antimalware” or “Security Essentials” if you do not see the folders listed above.
3. I have not tested this in XP and don’t know the exact locations, so if you don’t see, do a search on your computer.
4. Thank you to several commenters for the extra information regarding XP and other possible locations!
———–
Now, for a couple days, I have had no more issues!!! We’ll see in a week if it really fixes it. That’s an easy fix, but completely annoying! I still like MSSE regardless. It’s not perfect, but I’d rather have it than anything else.
I am curious to know if anyone else found this fix to work?
Note: I do recommend people run a manual scan with MalwareBytes and SuperAntispyware once in a while, along with the real time scanner in MSSE. MSSE didn’t catch a recent trojan at one of my clients, same one was blocking MalwareBytes too. Only SuperAntispyware cleaned the system properly.
EDIT 02/10/2010:
It’s been about a week and a half, still working fine! It appears that this fixed the problem!
EDIT 02/23/2011:
I have also seen a new setting to scan only when the computer is not in use, which has also helped in some cases. Check out my newer post:
Couple useful Windows Explorer shortcuts
by Greg on Jan.21, 2010, under Windows 7, Windows Vista, Windows XP
So I never took the time to look these up, but I just heard about them recently. I always wanted to know how to create a new folder in Windows Explorer without having to use menus, by just using a keyboard shortcut.
In the right side of the Explorer window, where you want the new folder, press your “CTRL+SHIFT+N” keys. You’ll get a new folder ready to type in a new name.
Also, you can hit “CTRL+N” to get a new window in the same location.
The specified server cannot perform the requested operation
by Greg on Jan.12, 2010, under Networking, Windows 7, Windows Server
I was not able to access a newly joined Windows 7 computer on our domain from our Windows 2000 Server. I just received that error. “Cannot perform the requested operation” Sharing was setup ok, permissions and security set ok, firewall was turned off. I saw an Event ID 2017 on the Windows 7 system, too. Something about “unable to allocate from the system nonpaged pool”.
I found this online. Add the MaxNonpagedMemoryUsage value below in the client’s registry. (Windows 7 system) Make a restore point first so you can undo if any problems arise.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\MaxNonpagedMemoryUsage
DWORD VALUE: 0xFFFFFFFF
Next, restart the “Server” service on the Windows 7 machine. Then go back to Windows 2000 Server and try to connect to \\window7machine and see if it can access it now.
This worked great for me, hopefully it works for you too. However, it may be wise to increase that value in small increments from the default, which I THINK is 0x100000. I just maxed it out on my client system to test, and it’s working fine. Just thought I’d make note of it. If you have further problems, or this doesn’t fix the issue, remove the value and reboot. This should return it back to the default.
Exchange 2007 Server Powershell tests
by Greg on Jan.04, 2010, under Exchange Server, Networking
Get the test commands available:
get-help test*
Should list out the tests available to you.
Test overall system health:
test-systemhealth
Check Outlook Web services:
test-outlookwebservices -identity:amailblox@organization.com | fl
(note the “fl” at the end, helps reading output, otherwise it will not wrap the lines)


