Body
Overview
On July 19th, 2024, at midnight, CrowdStrike pushed an update to its client that caused some Windows machines with the CrowdStrike software to crash. CrowdStrike updated this within a short window of time, but any machines that accepted the update may require administrative help to be resolved.
If your computer is at a blue screen caused by this issue, please follow the below instructions and contact your local IT team if you have any questions or need assistance.
Recovery Steps
If you've been affected by the CrowdStrike blue screen issue, you can follow the following steps to resolve the issue.
- Reboot your machine to give it an opportunity to download the CrowdStrike fix
Note: connecting the machine to the wired network and using Safe Mode with Networking may help remediation
- Follow one of the below instruction sets:
- Boot into Safe Mode
- Alternate to Safe Mode
Note: On boot, you may be asked for a Bitlocker Recovery key. If so, you may be able to retrieve your own key, or you may have to contact your local IT team. See the instructions for Unlocking a computer with a Bitlocker Recovery Key below.
Booting into Safe Mode
- Hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- On the first sign that Windows has started (for example, some devices show the manufacturer’s logo when restarting) hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- When Windows restarts, hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- Choose Troubleshoot
- Choose Advanced options
- Choose Startup Settings
- Click Restart
- Select Safe Mode from the options that appear when you restart.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
- Locate the file that starts with "C-00000291" and ends in ".sys" and delete it
- Boot the device normally
Alternate to Safe Mode
If you're unable to boot directly into Safe Mode, you can try the following to attempt to delete the required file:
- Hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- On the first sign that Windows has started (for example, some devices show the manufacturer’s logo when restarting) hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- Again, on the first sign that Windows has started (for example, some devices show the manufacturer’s logo when restarting) hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- Choose Troubleshoot
- Choose Advanced options
- Choose Command Prompt
- In the command prompt window, type each line below, and press the return key after each line:
- c:
- cd windows
- cd system32
- cd drivers
- cd crowdstrike
- del C-00000291*
- exit
- Click Continue to Windows
Unlocking a computer with a Bitlocker Recovery Key
You may be able to recover your Bitlocker Recovery Key if your computer is managed by a unit that uses the ADS domain to log in. This includes many units like Weinberg College, NUIT, and others. Everyone can try the instructions below, but if you are not able to retrieve a recovery key, contact your local IT team.
- You will be presented with the following 2 screens if the machine needs to be unlocked.
- If you typically log in to the ADS domain at Northwestern, which includes many schools and units like Weinberg College, you can use the Northwestern MBAM End User Self-Service Web Portal from a secondary device to request a BitLocker Recovery Key. Contact your local IT teams if you have any questions.
Note: You will need to be connected to VPN to log in to the Bitlocker Recovery Portal
https://mecmcas.tss.northwestern.edu/SelfService/Recovery/Index
- When prompted, log-in to the Northwestern MBAM portal using your NetID & password.
- Input the first 8-characters of the BitLocker Key ID found on the computer console and select a reason for the recovery key to generate a one time BitLocker Recovery Key.
- Click the Get Key button to generate the 48-digit BitLocker Recovery Key for that specific computer.
- Type in the 48-digit BitLocker Recovery Key provided back into your computer, if successful the machine should proceed to the normal Windows log-in screen.