Global BSOD

I'm on holiday at the moment but I'm guessing work is affected - trying to connect to some stuff remotely is just giving a server error: unknown message or nothing happening just eventual timeout.

EDIT: Most stuff seems to be working just a small number of services out. Mostly seems to be the external parts of HR and payroll systems having problems.

All the online stuff is working so far, it's hardware that's affected i.e. PCs looping the BSOD.

Anyway, stop trying to log on while on holiday!
 
The fix:

How to fix the CrowdStrike Windows BSOD issue

Fortunately, CrowdStrike has since announced at 2:30 a.m. ET that it has identified the update causing the issue and rolled it back. The company also offered a workaround for anyone having problems:

  1. "Boot Windows into Safe Mode or the Windows Recovery Environment
  2. "Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. "Locate the file matching 'C-0000029*.sys', and delete it.
  4. "Boot the host normally."

CrowdStrike Falcon is mainly used by businesses but some allow their employees to use it.
Where is that file located?
 
Yes. Simply renaming the CrowdStrike folder (or deleting the file as posted) and then rebooting the server fixes it. We have had about 20 of 200 servers affected.
I think the reason Microsoft was mentioned specifically is because it isn't affecting Linux servers with CrowdStrike agents installed, only MS servers.

Where is the folder located?
 
Ok gurus, please help!

I'm sure I should be getting a BitLocker screen when I hit "Command Prompt" but it's taking me straight to DOS. How can I access the OS drive from the command prompt?
 
You should be straight onto the OS drive, if not try a few drive letters till you find the directory.

Depending on the build of the machine, if it's been upgraded etc., you can try the following:

c:\windows\system32\drivers\crowdstrike
d:\windows\system32\drivers\crowdstrike

even had one machine where it was on x:, no idea how that was built :D :-

x:\windows\system32\drivers\crowdstrike

Then once in there you can delete the file causing the issue :-

dir C-00000291*.sys
del C-00000291*.sys

It's not showing any volumes in DISKPART, I suspect because the drive is encrypted.
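
An added example, not posted by anyone in this thread and not CrowdStrike's own tooling: the drive-letter hunt and delete described above as one batch script for the Safe Mode / WinRE command prompt. The letter list is an assumption; the file pattern is the one from the `dir`/`del` commands above.

```batch
@echo off
rem Added example, not from the thread or from CrowdStrike.
rem Run from the Safe Mode or WinRE command prompt.
rem Assumption: the drive letter list is a guess, extend it for your builds.
setlocal
set "REL=Windows\System32\drivers\CrowdStrike"
set "PATTERN=C-00000291*.sys"
set "FOUND=0"

for %%D in (C D E F G H X) do (
    if exist "%%D:\%REL%\" (
        set "FOUND=1"
        echo [+] %%D:\%REL% exists
        if exist "%%D:\%REL%\%PATTERN%" (
            rem Show what is about to be removed, then delete it.
            dir /b "%%D:\%REL%\%PATTERN%"
            del /f /q "%%D:\%REL%\%PATTERN%"
            if exist "%%D:\%REL%\%PATTERN%" (
                echo [!] delete failed on %%D:
            ) else (
                echo [+] matching file removed from %%D:
            )
        ) else (
            echo [-] no file matching %PATTERN% on %%D:
        )
    )
)

if "%FOUND%"=="0" (
    echo [!] CrowdStrike directory not visible on any listed letter.
    echo     A BitLocker-locked volume looks like this. Lock status follows:
    manage-bde -status
)
rem To unlock a locked volume with its 48-digit recovery password:
rem   manage-bde -unlock C: -RecoveryPassword YOUR-RECOVERY-PASSWORD
endlocal
```

If the OS volume does not appear in `manage-bde -status` at all, the script cannot help; the disk is not being presented to the recovery environment.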
 
I've managed to fix my machine but the majority of the office is still borked and unlikely to be fixed without an actual IT person travelling out to do it in person, which makes this the perfect outage, because it's a fix that can't be deployed remotely.
 
Does anyone know how I can force BitLocker to prompt for a drive key for unlocking? Currently the machines are going straight to the CMD window without prompting to unlock the C: drive, and the drive is then invisible within the CMD window.

TIA
 
Is the recovery/system partition not on the same disc?

I think so, BIOS is password locked so we might need to wait for an engineer to arrive as they won't share the password (understandable, TBF). I'm just trying to get some machines up and running over the weekend and into the start of the week.

The Win10 boxes are prompting for BitLocker so I'm getting them done, but the Win11 machines are gubbed.
 