SOLVED: PVE update broke my system (because I missed something). GRUB error

gctwnl

I upgraded PVE on my NUC which ended with

Code:
Your System is up-to-date


Seems you installed a kernel update - Please consider rebooting
this node to activate the new kernel.

starting shell
So, I rebooted, entered the BIOS/disk passwords and then I got:
Code:
Welcome to GRUB!

error: symbol `grub_disk_native_sectors' not found.
grub rescue>
And looking again at the upgrade window, I had missed something, because the complete message at the end of the upgrade was:
Code:
update-initramfs: Generating /boot/initrd.img-6.8.12-8-pve
Running hook script 'zz-proxmox-boot'..
Re-executing '/etc/kernel/postinst.d/zz-proxmox-boot' in new private mount namespace..
No /etc/kernel/proxmox-boot-uuids found, skipping ESP sync.

Removable bootloader found at '/boot/efi/EFI/BOOT/BOOTX64.efi', but GRUB packages not set up to update it!
Run the following command:

echo 'grub-efi-amd64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections -v -u

Then reinstall GRUB with 'apt install --reinstall grub-efi-amd64'

Processing triggers for libc-bin (2.36-9+deb12u9) ...

Your System is up-to-date


Seems you installed a kernel update - Please consider rebooting
this node to activate the new kernel.

starting shell
In addition: my NUC has a BIOS password and an internal SSD which is also encrypted/protected with a password.

Now, what do I have to do to get this fixed? Is there a way at all? I have seen more have been hit by this but I am a bit at a loss.

the ls command gets me:

Bash:
grub rescue> ls
(lvm/pve-root) (lvm/pve-swap) (hd0) (hd0,gpt1) (hd1) (hd1,gpt3) (hd1,gpt2) (hd1,gpt1)
 
Solved through these steps:
  1. Download the Proxmox VE 8.3.1 ISO and flash it to a USB drive
  2. Connect the USB drive to the USB of the system
  3. Boot the system (mine will boot from a USB drive found without BIOS changes)
  4. The Proxmox installer boots. Select the recovery option in Advanced
  5. This boots the PVE environment and you can log in via the web browser as you normally will
  6. Use the shell in the web browser for this PVE to execute the forgotten commands:
    Code:
    echo 'grub-efi-amd64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections -v -u
    apt install --reinstall grub-efi-amd64
  7. reboot the system
After these steps, my PVE booted again and launched all VMs on it. Phew!
 
Curious. I have my systems set to auto update via crontab. How would I know if I need to run these commands or not? Would it be beneficial to run the commands even if the update did not specifically say to?
 
you can check in /var/log/apt/term.log
 
which issue? the update exposed a (configuration) issue on some systems. so now there is a warning to detect potentially affected systems so the configuration issue can be fixed before the next reboot. you need to run those commands (or fix the config in a different fashion).
 
Forgive me for my lack of know-how here, but if the system can detect what you must do so a reboot will not fail, why not simply do it? For false positives, I assume, but then, how would I personally recognise a false positive? If I get this message (and do not miss it as last time, but then, the message did not tell me my system would be potentially bricked) I will by definition have to do this anyway to be on the safe side.

Maybe better: is there a way I can fix my config (which was basically created by a PVE install on the hardware, I never touched anything so deep, so the configuration issue has been created by PVE in the first place I guess) so that I cannot run into this again?
 
Forgive me for my lack of know-how here, but if the system can detect what you must do so a reboot will not fail, why not simply do it? For false positives, I assume, but then, how would I personally recognise a false positive? If I get this message (and do not miss it as last time, but then, the message did not tell me my system would be potentially bricked) I will by definition have to do this anyway to be on the safe side.

the warning will be shown if a removable bootloader entry is detected, but the config isn't set up in a way that automatically upgrades it. this combination is only a problem if you also attempt to use that entry to boot, which is not the normal way of booting. so the warning is a bit over cautious (it will be printed on systems that are not affected unless you manually boot using the removable entry), and gives admins a chance to investigate.

there are two ways to fix the issue:
- remove the removable entry if it is not needed (very dangerous if you actually need it, so better to not do that automatically)
- change the config to always update it (should always be safe, but might not be desired)

the warning recommends the latter, but an admin might choose the former.

Maybe better: is there a way I can fix my config (which was basically created by a PVE install on the hardware, I never touched anything so deep, so the configuration issue has been created by PVE in the first place I guess) so that I cannot run into this again?

simply run the command once (which will fix the config), that's it.
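
For hosts that update unattended, the two checks discussed above (the warning in /var/log/apt/term.log, and a removable bootloader that the GRUB packages are not set to update) can be scripted. This is an added example, not part of the thread or of Proxmox's tooling; the function names and the sample log are constructed, and it assumes `debconf-show grub-efi-amd64` prints the answer as `grub2/force_efi_extra_removable: true`.

```shell
#!/bin/sh
# Added example (not Proxmox code): audit a host that updates unattended.
WARN='GRUB packages not set up to update it'

# Print the "Log started" timestamp of each apt run in log file $1 that
# emitted the removable-bootloader warning.
runs_with_warning() {
    awk -v warn="$WARN" '
        /^Log started: / { started = substr($0, 14); seen = 0 }
        index($0, warn) && !seen { print started; seen = 1 }
    ' "$1"
}

# $1: output of `debconf-show grub-efi-amd64` (format is an assumption).
# Succeeds when the answer that makes GRUB updates also refresh the
# removable entry is set to true.
removable_update_enabled() {
    printf '%s\n' "$1" | grep -Eq 'grub2/force_efi_extra_removable: *true'
}

# needs_fix ESP_FILE DEBCONF_OUTPUT: succeeds when a removable bootloader
# exists but is not kept in sync (the combination the warning reports).
needs_fix() {
    [ -e "$1" ] && ! removable_update_enabled "$2"
}

# Constructed sample of /var/log/apt/term.log, used by the offline demo.
sample_log() {
    cat <<'EOF'
Log started: 2025-03-01  03:00:02
Setting up libc-bin (2.36-9+deb12u9) ...
Log ended: 2025-03-01  03:00:09

Log started: 2025-03-20  03:00:01
Removable bootloader found at '/boot/efi/EFI/BOOT/BOOTX64.efi', but GRUB packages not set up to update it!
Log ended: 2025-03-20  03:01:12
EOF
}

case "${1:-}" in
  demo) t=$(mktemp); sample_log > "$t"; runs_with_warning "$t"; rm -f "$t" ;;
  host) runs_with_warning /var/log/apt/term.log
        if needs_fix /boot/efi/EFI/BOOT/BOOTX64.efi "$(debconf-show grub-efi-amd64 2>/dev/null)"
        then echo "removable entry present but not auto-updated"; exit 1; fi ;;
esac
```

Run it with `demo` to see the output on the constructed log, or as root with `host` after the unattended update; a non-zero exit in `host` mode means the commands from the warning still need to be run before the next reboot.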
 
Linux pve 6.8.12-9-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-9 (2025-03-16T19:18Z) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 24 10:14:31 IST 2025 on pts/0
root@pve:~# echo 'grub-efi-amd64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections -v -u
info: Trying to set 'grub2/force_efi_extra_removable' [boolean] to 'true'
info: Loading answer for 'grub2/force_efi_extra_removable'
root@pve:~# apt install --reinstall grub-efi-amd64
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Reinstallation of grub-efi-amd64 is not possible, it cannot be downloaded.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@pve:~#

After running the command I got these messages, kindly advise?
 
please run "apt update" and ensure your repository configuration is correct
 
root@pve:/etc/apt# cat sources.list
deb http://ftp.debian.org/debian bookworm main contrib

deb http://ftp.debian.org/debian bookworm-updates main contrib

# security updates
deb http://security.debian.org bookworm-security main contrib

deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

root@pve:/etc/apt# cd sources.list.d/
root@pve:/etc/apt/sources.list.d# cat pve-enterprise.list
# deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise

root@pve:~# apt update
Hit:1 http://ftp.debian.org/debian bookworm InRelease
Hit:2 http://download.proxmox.com/debian/pve bookworm InRelease
Hit:3 http://ftp.debian.org/debian bookworm-updates InRelease
Hit:4 http://security.debian.org bookworm-security InRelease
Err:5 https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease
401 Unauthorized [IP: 117.120.5.24 443]
Err:6 https://enterprise.proxmox.com/debian/pve bookworm InRelease
401 Unauthorized [IP: 117.120.5.24 443]
Reading package lists... Done
E: Failed to fetch https://enterprise.proxmox.com/debian/ceph-quincy/dists/bookworm/InRelease 401 Unauthorized [IP: 117.120.5.24 443]
E: The repository 'https://enterprise.proxmox.com/debian/ceph-quincy bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/bookworm/InRelease 401 Unauthorized [IP: 117.120.5.24 443]
E: The repository 'https://enterprise.proxmox.com/debian/pve bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

root@pve:~# echo 'grub-efi-amd64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections -v -u
info: Trying to set 'grub2/force_efi_extra_removable' [boolean] to 'true'
info: Loading answer for 'grub2/force_efi_extra_removable'

root@pve:~# apt install --reinstall grub-efi-amd64
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 11 not upgraded.
Need to get 45.7 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://download.proxmox.com/debian/pve bookworm/pve-no-subscription amd64 grub-efi-amd64 amd64 2.06-13+pmx6 [45.7 kB]
Fetched 45.7 kB in 1s (59.2 kB/s)
Preconfiguring packages ...
(Reading database ... 46303 files and directories currently installed.)
Preparing to unpack .../grub-efi-amd64_2.06-13+pmx6_amd64.deb ...
Unpacking grub-efi-amd64 (2.06-13+pmx6) over (2.06-13+pmx6) ...
Setting up grub-efi-amd64 (2.06-13+pmx6) ...
Installing for x86_64-efi platform.
File descriptor 3 (pipe:[21053]) leaked on vgs invocation. Parent PID 4056: grub-install.real
File descriptor 3 (pipe:[21053]) leaked on vgs invocation. Parent PID 4056: grub-install.real
Installation finished. No error reported.
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.8.12-9-pve
Found initrd image: /boot/initrd.img-6.8.12-9-pve
Found memtest86+ 64bit EFI image: /boot/memtest86+x64.efi
Adding boot menu entry for UEFI Firmware Settings ...
done
Processing triggers for shim-signed:amd64 (1.44+pmx1+15.8-1+pmx1) ...

Today it is like this? Not able to understand? Yesterday I also ran "apt update", then executed the two commands, with that error? Confused?
 
you seem to have both enterprise and no-subscription repositories configured.. I think when you first attempted to run it you hadn't run "apt update" yet, and therefore it didn't find the package..
 
Solved through these steps:
  1. Download the Proxmox VE 8.3.1 ISO and flash it to a USB drive
  2. Connect the USB drive to the USB of the system
  3. Boot the system (mine will boot from a USB drive found without BIOS changes)
  4. The Proxmox installer boots. Select the recovery option in Advanced
  5. This boots the PVE environment and you can log in via the web browser as you normally will
  6. Use the shell in the web browser for this PVE to execute the forgotten commands:
    Code:
    echo 'grub-efi-amd64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections -v -u
    apt install --reinstall grub-efi-amd64
  7. reboot the system
After these steps, my PVE booted again and launched all VMs on it. Phew!

Hi, just want to ask how I can perform this one on my server?

I don't see any RECOVERY OPTION in Advanced?

Sorry, I am using the PVE 8.4 version?