
  • Employee
Posted (edited)

Hi Everyone,

Wanted to get something out for anyone this morning that may be impacted by the CrowdStrike outage.  Per https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/ the problem files are 'C-00000291*.sys' with a 0409 UTC timestamp.  The fixed versions have a 0527 UTC timestamp.

For Instant clones on Horizon 8 on vSphere, ensure that the parent VM for the pool wasn't updated with the bad sensor versions, and simply remove any clones and allow Horizon to create new machines.

For floating Horizon Cloud (v1 or next-gen) simply recreating the machines from the image will fix the instances.

For dedicated full clones on Horizon 8 or Horizon Cloud, things are a little more complicated since it will depend on the platform, but the core of the process is to remove the affected files. 

  • Assuming BitLocker Drive Encryption is turned off:
    • Mount the affected OS disk(s) to a good machine
    • Delete Windows/System32/Drivers/CrowdStrike/C-00000291*.sys from the disk
    • Unmount the disk(s) and reattach them to the original VM, then power it back on.
  • If BitLocker is turned on, and you happen to have your full clones managed via Workspace ONE UEM, the recovery key can be provided through Hub, and then the above process can be completed.

If all else fails, Microsoft has stated that users were able to recover a machine or VM by repeatedly rebooting (in some cases up to 15 times), until the device was able to pick up the unaffected versions.

Hope this helps!  If anyone has run across another way that you've resolved this, please let us know and I can add it to our list of resolutions here.

Edited by Mike Erb
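
The mount-and-delete step from the post above, as an added PowerShell example (not part of the original post and not VMware or CrowdStrike code), run on the healthy machine with the affected disk attached and unlocked. The function names and the drive letter `E` are assumptions, and keeping files that carry the fixed 0527 UTC stamp is a choice made here; the post's step deletes every match.

```powershell
# Added example, not from the original post. $Drive is the letter the affected
# OS disk received when mounted on the healthy machine (assumed, e.g. 'E').
function Get-ChannelFile291 {
    param([Parameter(Mandatory)][string]$Drive)

    $dir = "${Drive}:\Windows\System32\drivers\CrowdStrike"
    if (-not (Test-Path -LiteralPath $dir)) {
        # Also hit when the volume is still BitLocker-locked.
        throw "CrowdStrike driver folder not found at $dir"
    }
    Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force |
        ForEach-Object {
            # Classify by the UTC time of day given in the post:
            # 0409 = problem version, 0527 = fixed version.
            $stamp = $_.LastWriteTimeUtc.ToString('HHmm')
            $state = switch ($stamp) {
                '0409'  { 'Problem' }
                '0527'  { 'Fixed' }
                default { 'Unknown' }
            }
            [pscustomobject]@{
                Path         = $_.FullName
                LastWriteUtc = $_.LastWriteTimeUtc.ToString('u')
                State        = $state
            }
        }
}

function Remove-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Drive)

    foreach ($f in Get-ChannelFile291 -Drive $Drive) {
        if ($f.State -eq 'Fixed') {
            Write-Host "Keeping fixed version: $($f.Path)"
            continue
        }
        # Honors -WhatIf / -Confirm so the deletion can be previewed first.
        if ($PSCmdlet.ShouldProcess($f.Path, 'Delete channel file')) {
            Remove-Item -LiteralPath $f.Path -Force
            Write-Host "Deleted ($($f.State), $($f.LastWriteUtc)): $($f.Path)"
        }
    }
}

# Review what is on the disk, then preview the deletion without changing anything.
Get-ChannelFile291 -Drive 'E' | Format-Table -AutoSize
Remove-ChannelFile291 -Drive 'E' -WhatIf
```

Drop `-WhatIf` from the last line once the listing shows the expected files, then unmount and reattach the disk as described in the post.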