Addressing the Microsoft and CrowdStrike BSOD Issue: Fix the issue with the Recovery Tool

July 22, 2024 / Workelevate / 0 Comments
Microsoft and CrowdStrike BSOD Issue
The recent incident involving Microsoft and CrowdStrike, which led to widespread Blue Screen of Death (BSOD) errors, has significantly impacted organizations worldwide. Understanding how to effectively address and prevent such issues is crucial for maintaining operational stability. This blog provides a comprehensive overview of the incident and highlights why digital employee experience (DEX) platforms like Workelevate are essential for proactive IT management.

The Incident: What Happened?

The issue originated from a recent update to CrowdStrike’s Falcon Sensor, a cybersecurity tool, which conflicted with Windows systems, leading to BSOD errors. These errors, specifically Stop Error 0x50 or 0x7E, prevented systems from booting normally, causing significant operational disruptions. CrowdStrike identified the problematic file “C-00000291*.sys”.

Step by Step Remediation (IT admins: Please read up)

Using the Microsoft Recovery Tool for Automated Host Remediation
Applies To: Hosts impacted by the Channel File 291 issue

Overview

Microsoft and CrowdStrike have released a utility to help recover hosts affected by the Channel File 291 issue. This utility allows IT Admins to create a bootable USB drive for automated remediation, including BitLocker Recovery Key support.

Requirements

  • Administrative privileges on the Windows client
  • A Windows 64-bit client with at least 8GB of free space
  • A USB drive with at least 1GB of space (all existing data will be wiped)
  • BitLocker recovery key for each BitLocker-enabled impacted device

Step-by-Step Procedure

  1. Download the Utility
    • Download the recovery utility from Microsoft here.
  2. Extract the Utility
    • Extract the downloaded utility to a working directory on your Windows client.
  3. Open PowerShell
    • Open PowerShell as an administrator and navigate to your working directory.
  4. Run the Script
    • Execute the script by running: MsftRecoveryToolForCS.ps1.
  5. Wait for Initial Setup
    • Allow a few minutes for the utility to create the initial Windows PE image and download required files from Microsoft.
  6. Add Drivers
    • When prompted to add drivers:
      • Press Y if you need to add specific hardware drivers and provide the path to the drivers.
      • Press N to use the base WinPE drivers if no additional drivers are needed.
    • If you selected Y, enter the path where you have stored INF based drivers and the utility will add them to the WinPE image.
  7. Insert USB Drive
    • Insert a USB drive into your Windows client and provide its drive letter when prompted.
  8. Create Bootable USB
    • Wait for the utility to complete the creation of the bootable USB drive, then remove the USB drive.
  9. Use the USB Drive on the Target System
    • Insert the USB drive into the impacted system.
    • Reboot the system and enter the UEFI boot menu (usually F1, F2, F8, F11, or F12).
  10. Select USB Drive in Boot Menu
    • From the boot menu, select the USB drive. Choose the UEFI option if available.
  11. Load Windows PE
    • Wait for Windows PE to load from the USB drive.
  12. Enter BitLocker Recovery Key
    • If prompted, enter the BitLocker Recovery Key to unlock the drive.
  13. Run the Utility
    • Let the utility find and remove the impacted Channel File 291 sys file.
  14. Completion and Reboot
    • The utility will notify you when it’s done and exit Windows PE. The system will then reboot.
  15. System Boot
    • The targeted system should now boot into Windows successfully.
That’s it! Your system should now be remediated and operational.

Preventing BSOD Errors

  1. Proactive Telemetry Data: DEX platforms like Workelevate continuously monitor system health and performance metrics to detect potential issues before they cause a BSOD.
  2. Automated Alerts: These tools send real-time alerts about abnormal behaviors or hardware issues, enabling IT teams to intervene promptly.
  3. Patch Management: Regular and automated OS and driver updates are deployed to prevent vulnerabilities that could lead to BSOD.
  4. Root Cause Analysis: Advanced analytics identify patterns and root causes of previous BSOD incidents, allowing for preemptive measures.

Handling BSOD Errors:

  1. Automated Troubleshooting: Upon a BSOD event, DEX platforms can automatically gather logs and diagnostics to facilitate rapid troubleshooting.
  2. Remote Remediation: IT teams can use remote access tools provided by these platforms to resolve the issue without needing physical access to the affected machine.
  3. Self-Healing Scripts: Predefined scripts can be executed to resolve common BSOD causes, minimizing downtime and user disruption.
  4. Detailed Reporting: Comprehensive reports on the BSOD incident help in understanding and preventing future occurrences.
This incident underscores the intricate web of our technological reliance, reminding us how crucial it is to arm ourselves with tools like the Digital Employee Experience Platform to navigate and overcome such challenges with confidence.
«
»

Recent Posts

Categories