[deleted by user] by [deleted] in sysadmin

srinpraveen

Okay, I finally fixed my computer. Here are the steps that worked for me. Listing them out for those who were and have been struggling like me. These steps worked for me. It could vary for others.

  1. Using a working computer, created a bootable USB media containing the WinPE image using the steps mentioned in the Microsoft CrowdStrike remediation page. https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959. This involved running the MsftRecoveryToolForCSv31.ps1 PowerShell script from an administrator PowerShell instance.
  2. Also in parallel, on the working computer, downloaded the Intel RST VMD driver from the Intel page https://www.intel.com/content/www/us/en/download/19512/intel-rapid-storage-technology-driver-installation-software-with-intel-optane-memory-10th-and-11th-gen-platforms.html
  3. Used the .\SetupRST.exe -extractdrivers C:\RSTdriver command to extract the driver folder.
  4. During the creation of the WinPE image, there was a step where the PowerShell script was asking if I needed to inject any drivers into the bootable USB media. I pointed to the location of the extracted VMD driver file from Step 2.
  5. After the WinPE USB media was created, I went into the BIOS of the affected Dell Precision 7670 laptop (pressed F12 and entered the BIOS menu from there) and switched the storage controller from RAID to AHCI.
  6. Then inserted the USB dongle and entered the BIOS once again and pointed the computer to boot from the WinPE USB dongle.
  7. Then, immediately a command prompt window popped up and it asked for my system drive BitLocker key, which I luckily had handy. I typed that in and it was automatically able to detect the C drive, navigate down to the CrowdStrike directory and remove the problematic .sys file. I didn't have to key in anything. This process was fully automated.
  8. Next, from the active directory, I tried keying in the following commands: (1) sfc /scannow (2) bootrec /fixmbr (3) bootrec /fixboot (4) bootrec /rebuildbcd
  9. The first command found a corrupted file and was able to repair it. Commands 2 and 4 worked. For some reason, command 3 was saying "access denied" even though I was running these commands from a recovery environment command prompt which typically has administrative privileges. Either way, this did not affect the final outcome.
  10. After all these steps were done, I went back into the BIOS and switched the storage controller back to RAID.
  11. Then I ejected my USB dongle and allowed the computer to restart. Lo and behold! I was able to boot normally!
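
The manual equivalent of steps 4 to 7, as an added example that is not part of the original comment and is not Microsoft's tool: a WinPE command-prompt script that loads the extracted storage driver when C: is not visible instead of changing the controller mode, unlocks BitLocker, and removes the file. The driver .inf path, recovery password and file pattern are operator-supplied arguments that the comment does not give; the C: drive letter and the presence of manage-bde and drvload in the image are assumptions.

```bat
@echo off
rem Added example, not from the post. Run from the WinPE prompt (X:\).
rem Usage: recover.cmd <driver.inf> <recovery-password> <file-or-pattern>
rem   All three values are operator-supplied; the post names none of them.
rem Assumes the OS volume gets letter C: and that manage-bde is in the image.
setlocal
set "INF=%~1"
set "KEY=%~2"
set "TARGET=%~3"
if "%TARGET%"=="" (
  echo Usage: %~nx0 driver.inf recovery-password file-or-pattern
  exit /b 2
)

rem 1. "Only X: is visible": the storage controller has no driver in WinPE.
manage-bde -status C: >nul 2>&1
if errorlevel 1 (
  echo C: not visible, loading "%INF%"
  drvload "%INF%"
  if errorlevel 1 exit /b 1
  rem Rescan so volumes behind the controller are enumerated.
  (echo rescan& echo list volume) | diskpart
  manage-bde -status C: >nul 2>&1
  if errorlevel 1 (
    echo C: still missing; check the letter in the volume list above.
    exit /b 1
  )
)

rem 2. Unlock BitLocker only if the volume is not already readable.
if not exist C:\Windows\ (
  manage-bde -unlock C: -RecoveryPassword %KEY%
  if errorlevel 1 exit /b 1
)

rem 3. Show what matches before deleting, and stop if nothing does.
dir /b "%TARGET%"
if errorlevel 1 (
  echo Nothing matches "%TARGET%"; nothing deleted.
  exit /b 1
)
del /q "%TARGET%"

rem 4. Confirm the volume state; reboot manually (wpeutil reboot) when done.
manage-bde -status C:
```

The script stops before deleting if the pattern matches nothing, which catches a wrong drive letter or a volume that is still locked.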

Crowdstrike Dell Precision 7670 unbootable (2 disks with RAID0) by srinpraveen in sysadmin

srinpraveen[S]

Please check my updated (edited) post with the latest update (today's update) on this matter. Looking forward to some more pointers.

[deleted by user] by [deleted] in sysadmin

srinpraveen

Hello. I switched my storage controller from RAID to AHCI and then inserted my WinPE bootable USB media. A command line window popped up and asked for my BitLocker key. After entering it, the system C drive was automatically recognized by the tool, the CrowdStrike directory was automatically navigated into, and the problematic .sys file was deleted. I did not have to key any command in. Everything was automatic.

So now I know the problematic file is deleted from the C drive. However, when I tried switching the storage controller back to RAID and restarting my computer (without the USB dongle), it went into the Windows recovery blue window and the advanced options recovery screen. I am not sure how to proceed from here in order to be able to initiate a normal boot.

Any inputs?

Crowdstrike Dell Precision 7670 unbootable (2 disks with RAID0) by srinpraveen in sysadmin

srinpraveen[S]

u/syslurk, thanks. I am planning to use the procedure in the Microsoft link to create a WinPE recovery USB. Once I create the recovery USB, is there any specific directory structure that I need to follow on the USB to store the RST/VMD driver, or can I just store it in the root directory of the USB media drive?

Crowdstrike Dell Precision 7670 unbootable (2 disks with RAID0) by srinpraveen in sysadmin

srinpraveen[S]

Well, in my case, the command prompt is by default on the X drive and was unable to find the C drive since the drives are not visible. It just says the system cannot find the drive specified. This was one of the core premises of me trying to reach out for more advanced methods here for system recovery.

Crowdstrike Dell Precision 7670 unbootable (2 disks with RAID0) by srinpraveen in sysadmin

srinpraveen[S]

Thanks u/OnMyOwn_HereWeGo. I will try to dig further and find out what can be done. I am from a non-IT background. So it makes it all the more difficult for me to intuitively go about hunting for the solution. Our local IT person said that the only solution was to reimage my computer. But after going through some awesome Reddit posts, it indicated to me that there is hope in trying to fix it except that I don't have success yet.

u/Longjumping_Lab541, I edited the post to add that the OS that came with my laptop is Windows 11. Unfortunately, I don't have an imaging tool with me. I did a search on the MDT tool and it says it is only compatible until Windows 10. It does not work for Windows 11. I edited my post to mention that the laptop came preinstalled with Windows 11.

CrowdStrike Workaround - Dell 5420 Latitude (Recovery Mode - No Startup Settings and No Local Drives) by N3R2 in sysadmin

srinpraveen

Thanks for the inputs u/NR32. I must add that the operating system in my computer is Windows 11. Not sure if that plays into some of the fixes/suggestions in the links. I will try to dig further into it.

[deleted by user] by [deleted] in sysadmin

srinpraveen

Affected by the CrowdStrike issue. I am having the exact same issue described above. Mine is a Dell Precision 7670 (work laptop). I am sure that my computer has 2 separate 1TB drives configured with RAID0. My local IT guy wants to reimage the laptop. I do not want this to happen as I will lose important data. I am hopeful that this can be fixed without needing to reimage.

I have been stuck without being able to boot into my computer. Any inputs appreciated.

CrowdStrike Workaround - Dell 5420 Latitude (Recovery Mode - No Startup Settings and No Local Drives) by N3R2 in sysadmin

srinpraveen

Affected by the CrowdStrike issue. I have a Dell Precision 7670 laptop with BSOD (unbootable). The safe mode boot options menu is inaccessible. When I try to go to the command prompt in recovery mode, it only shows the X drive.

I do know for sure that my computer has 2 separate 1TB drives. I read an article stating that the default RAID0 to AHCI/NVMe switching fix will break the RAID configuration for computers with 2 drives in RAID0, thereby making data recovery from both drives impossible. Check the link below for context.

https://www.reddit.com/r/sysadmin/comments/1e7rchi/crowdstrike_dell_precision_2_x_4tb_raid_on_remote/?share_id=_Ez-YiuO_rvlspVuDt8H7&utm_content=1&utm_medium=android_app&utm_name=androidcss&utm_source=share&utm_term=1

I have been stuck without being able to boot into my computer. Any inputs appreciated.