Quick Overview
On July 19, 2024, an issue with the CrowdStrike Falcon agent caused unresponsiveness and startup failures for Windows machines on Azure. If you’re facing this problem, follow these steps to recover your VMs:
Recovery Option: Restart Azure VMs
1. Using Azure Portal
- Navigate to the Azure Portal.
- Locate your affected VM.
- Click on “Restart” to initiate a reboot.
- Sometimes, multiple restarts might be needed.
2. Using Azure CLI or Azure Shell
Access Azure Shell at [shell.azure.com](https://shell.azure.com).
Run the command:
```
az vm restart --resource-group YourResourceGroupName --name YourVMName
```
Repeat if necessary until the issue is resolved.
Additional Recovery Options
If restarting doesn’t resolve the issue, consider these options:
Option 1: Restore from Backup
Azure Backup
- Restore your VM from a backup taken before July 19, 2024, 04:09 UTC.
- Follow instructions on how to restore Azure VM data in the Azure portal.
Option 2: Remove Problematic File
- Direct File Removal
- Use Azure CLI with PowerShell 5.1+.
Execute the following steps:
```
az vm repair create -g YourResourceGroupName -n YourBrokenVMName --verbose
az vm repair run -g YourResourceGroupName -n YourBrokenVMName --run-id win-crowdstrike-fix-bootloop --run-on-repair --verbose
az vm repair restore -g YourResourceGroupName -n YourBrokenVMName --verbose
```
This method can potentially fix the issue without detaching and reattaching disks.
Option 3: Troubleshoot OS Disk
- Attach OS Disk to Repair VM
- Use the Azure portal to attach the OS disk.
- Navigate to `Windows/System32/Drivers/CrowdStrike/` and delete `C-00000291*.sys`.
- Reattach the disk to the original VM.
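The file deletion in Option 3 can be scripted on the repair VM so that the repair VM's own system drive is never touched and each removed file is logged. This PowerShell is an added example, not code from Microsoft or CrowdStrike; it assumes the affected OS disk is already attached and has a drive letter, that the script is saved to a file and run from an elevated session, and the parameter names are hypothetical.

```powershell
# Added example: run on the repair VM after the affected OS disk is attached.
# Run with -WhatIf first to list what would be deleted without deleting it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Directory and file pattern are the ones given in Option 3.
    [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike',
    [string]$Pattern     = 'C-00000291*.sys'
)

# The repair VM's own system drive (usually C) is excluded from the search.
$systemLetter = $env:SystemDrive.TrimEnd(':')

# Every other lettered file system drive is a candidate for the attached OS disk.
$candidates = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -match '^[A-Za-z]:\\$' -and $_.Name -ne $systemLetter }

$found = foreach ($drive in $candidates) {
    $dir = Join-Path $drive.Root $RelativeDir
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force
    }
}

if (-not $found) {
    Write-Warning "No $Pattern files found. Is the OS disk attached and online?"
    return
}

foreach ($file in $found) {
    # Log hash, path and timestamp so the change can be audited afterwards.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Output ("{0}  {1}  {2:u}" -f $hash, $file.FullName, $file.LastWriteTimeUtc)

    if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove file')) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}
```

Once the script reports the files as removed, detach the disk and reattach it to the original VM as described above.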
Next Steps
If problems persist, contact CrowdStrike support for further assistance.
Microsoft and CrowdStrike are actively working on additional solutions; check the status here.
By following these steps, you can mitigate the impact of the CrowdStrike Falcon agent issue and restore functionality to your Azure VMs. For ongoing updates, refer to CrowdStrike’s public statement on their website.