Tier 2 IT Support - Steps to fix Microsoft/CrowdStrike Outage using Safe Mode

Kazi Anjum

System/Application:

Microsoft Windows / CrowdStrike

 

Abstract:

This Knowledge Base (KB) article provides a comprehensive, step-by-step guide on how to resolve conflicts between CrowdStrike and Windows startup. If CrowdStrike is preventing Windows from starting correctly, following these instructions will help you access and manage the necessary system files to restore normal operation. By addressing these conflicts, administrators can ensure that both CrowdStrike and Windows run smoothly without interference.

 

 

Documentation:

Step-by-Step Guide

1. If the PC is stuck in a boot loop, press F8 or Fn+F8 continuously to break the loop. If not, skip to step 4.

2. Press F8 to enter startup options.

3. Enter the BitLocker recovery key, then go to step 10.


4. Recovery: Select Advanced Repair Options

  • If Windows fails to load correctly, you will be directed to the Recovery screen.
  • Click on See advanced repair options to access additional recovery tools.


5. Choose Troubleshoot

  • From the Choose an Option screen, select Troubleshoot.


6. Access Advanced Options

    • In the Troubleshoot menu, click on Advanced options.
    • This will provide you with several advanced tools for system repair and diagnostics.


7. Navigate to Startup Settings

  • From the Advanced options menu, select Startup Settings.


8. Restart to Change Startup Behavior

  • Click on Restart to access the Startup Settings menu.

 

9. Enter BitLocker Recovery Key

  • When prompted, enter the BitLocker recovery key (from IT) to gain access to the system.


10. Access Safe Mode:

  • Press F5 on the keyboard to access Safe Mode with Networking.

 


11. Log in with Admin Credentials

  • Log in as .\ghadmin and get the LAPS (Local Administrator Password Solution) password from an administrator. (Verify you are using the backslash, found underneath the Backspace key.)
  • Open File Explorer after logging in.

 

12. Navigate to System32

  • In Windows Search, search for %windir%\system32\drivers to access the necessary system files.


13. Locate the CrowdStrike Folder

  • In the drivers directory, find and open the CrowdStrike folder.
  • Verify the presence of the relevant files.


14. Search and Verify File Details

  • Check the file details to confirm its relevance. 
  • Here, the file "C-00000291" was modified on 7/19/2024 and is 40.0 KB in size.


15. Delete the File

  • Once you have found the correct file, right-click on it and select Delete.
  • Confirm the deletion to remove the file from the system.

 


16. Permanently Delete the File and then Restart:

  • On the Desktop, open the Recycle Bin and permanently delete the file.
  • Restart the PC when finished.
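
Steps 12 to 16 can also be carried out from an elevated PowerShell prompt in Safe Mode. The script below is an added example, not part of the original KB article; the function name, its parameters, and treating the file name from step 14 as a prefix are assumptions.

```powershell
# Added example: scripted form of steps 12-16. Run from an elevated PowerShell
# session in Safe Mode. Function name and parameters are illustrative.
function Remove-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Folder from steps 12-13.
        [string]$Folder = (Join-Path $env:windir 'System32\drivers\CrowdStrike'),
        # File name from step 14, treated as a prefix (assumption).
        [string]$Prefix = 'C-00000291',
        # Modified date shown in step 14; files with another date are skipped.
        [datetime]$ModifiedOn = '2024-07-19'
    )

    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        Write-Warning "Folder not found: $Folder"
        return
    }

    $candidates = @(Get-ChildItem -LiteralPath $Folder -File -Filter "$Prefix*")
    if ($candidates.Count -eq 0) {
        Write-Warning "No file starting with '$Prefix' in $Folder"
        return
    }

    foreach ($file in $candidates) {
        # Step 14: print the details the technician would check by eye.
        $sizeKB = [math]::Round($file.Length / 1KB, 1)
        Write-Host ("{0}  modified {1:d}  {2} KB" -f $file.Name, $file.LastWriteTime, $sizeKB)

        if ($file.LastWriteTime.Date -ne $ModifiedOn.Date) {
            Write-Warning "Skipping $($file.Name): modified date is not $($ModifiedOn.ToString('d'))"
            continue
        }

        # Steps 15-16: Remove-Item bypasses the Recycle Bin, so this is permanent.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Permanently delete')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }
}

# Dry run: lists what would be deleted without touching anything.
Remove-ChannelFile291 -WhatIf
# Real run (prompts for each file): Remove-ChannelFile291
```

After the real run, restart the PC as in step 16.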


Troubleshooting Tips:

  • Double-check the file paths and names for accuracy.
  • If the issue persists, consult with your IT support team for further assistance.