Employee Mike Erb Posted July 19 Employee Share Posted July 19 (edited) Hi Everyone, Wanted to get something out for anyone this morning that may be impacted by the CrowdStrike outage. Per https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/ the problem files are 'C-00000291*.sys' with a 0409 UTC timestamp. The fixed versions have a 0527 UTC timestamp. For Instant clones on Horizon 8 on vSphere, ensure that the parent VM for the pool wasn't updated with the bad sensor versions, and simply remove any clones and allow Horizon to create new machines. For floating Horizon Cloud (v1 or next-gen) simply recreating the machines from the image will fix the instances. For dedicated full clones on Horizon 8 or Horizon Cloud, things are a little more complicated since it will depend on the platform, but the core of the process is to remove the affected files. Assuming BitLocker Drive Encryption is turned off: Mount the affected OS disk(s) to a good machine Delete Windows/System32/Drivers/CrowdStrike/C-00000291*sys from the disk Unmount the disk(s) and reattach them to the original VM, then power it back on. If BitLocker is turned on, and you happen to have your full clones managed via Workspace ONE UEM, the recovery key can be provided through Hub, and then the above process can be completed. If all else fails, Microsoft has stated that users were able to recover a machine or VM by repeatedly rebooting (In some cases up to 15 times), until the device was able to pickup the unaffected versions. Hope this helps! If anyone has run across another way that you've resolved this, please let us know and I can add it to our list of resolutions here. Edited July 19 by Mike Erb 6 2 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.