SCCM | Intune | Windows 365 | Windows 11 Forums

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members. Please post your questions in the correct category.

Microsoft Azure Update for Crowdstrike BSOD

Prajwal Desai

Forum Owner
Staff member
Messages
4,603
Solutions
111
Points
413
The following information is taken from the following Microsoft article: https://azure.status.microsoft/en-gb/status

We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state.

Updated: We approximate impact started as early as 04:09 UTC on the 18th of July, when this update started rolling out.

Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - crowdstrike.com

Update as of 10:30 UTC on 19 July 2024:

We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines. Customers can attempt to do so as follows:

  • Using the Azure Portal - attempting 'Restart' on affected VMs
  • Using the Azure CLI or Azure Shell (https://shell.azure.com)
https://learn.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latest#az-vm-restart

We have received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.

Additional options for recovery:

We recommend customers that are able to, to restore from a backup, preferably from before 04:09 UTC on the 18th of July, when this faulty update started rolling out.

  • Customers leveraging Azure Backup can follow the following instructions:
How to restore Azure VM data in Azure portal

  • Alternatively, customers can attempt repairs on the OS disk by following these instructions:
Troubleshoot a Windows VM by attaching the OS disk to a repair VM through the Azure portal

Once the disk is attached, customers can attempt to delete the following file:

Windows/System32/Drivers/CrowdStrike/C00000291*.sys

The disk can then be attached and re-attached to the original VM.

We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance.
 

Trending content

Forum statistics

Threads
6,508
Messages
25,450
Members
15,632
Latest member
AZ2050
Back
Top