CrowdStrike fucked up big time didn't they?
this post was submitted on 19 Jul 2024
18 points (100.0% liked)
Portland
265 readers
20 users here now
Welcome to the lemmy.world community for Portland, Oregon!
This community has kind of been empty since it was created, I'm hoping to change that!
Unlike "other" Portland communities you may have seen "elsewhere", I believe in a "warts and all" approach. You are free to take off your Rose tinted glasses and talk about topics that are dragging our city down.
At the same time, sunset pics, snowmageddon, traffic monster, cones, that's all welcome as well. Let's collectively keep Portland weird!
2024 is going to be an interesting year politically with all the changes to city government, I will attempt to tag political threads with a [Politics] tag and encourage users to do so as well.
Other than the lemmy.world restrictions on spam, copyrighted material, and adult material (USE that NSFW tag!), there's only one real way to get in trouble here:
- Don't attack other users.
It's OK to go after Teargas Ted, it's OK to say Rene Gonzales is a fascist, ACAB, BLM, whatever floats your boat (WEFYB).
It's NOT OK to attack or diminish another user. Feel free to disagree, you can point out the many ways you think they're wrong, just don't start throwing perjoratives AT OTHER USERS.
Links to know!
Portland Trailblazers Schedule!
https://www.nba.com/blazers/schedule
Portland Winterhawks Home Game Schedule!
https://www.rosequarter.com/events/winterhawks
Portland Timbers Pre-Season Starts in February!
https://www.timbers.com/schedule/matches#competition=all&date=2024-02-10
founded 1 year ago
MODERATORS
Oh, man, it's bad. Been on a call at work all day.
Damn. Did you catch the quick fix?
CrowdStrike Fix
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching "C-00000291*.sys"
4. Boot normally.```
Edit: I'm not even about to figure out the formatting glitch here, this information just needs to be shared to help fix the problem.Yup. The problem is a) rebooting in safe mode on remote/cloud servers. b) rebooting in safe mode if you're also using BitLocker. :(
An alternate suggestion from Microsoft is "reboot up to 15 times".
Meanwhile, last I heard is Microsoft themselves uses Linux to run their Hotmail servers..
Yeah, perhaps things aren't the same today, but hell!
I don't blame Microsoft at all for having a Linux mail server...
Oh fuck, 15 times? That's a fucking delay tactic to try to keep their phone lines from getting clogged, no joke.
Wow...who could have predicted eggs in one basket is a BAD idea.
Not surprising to me that the city government depends so much on proprietary software, but disappointing. Wonder what kind of day that Finnish-American Portlander is having.
I mean, it only took CrowdStrike to bring it all down.
I don't know how close you've been following it, but CrowdStrike pushed an updated config file that contained 42kb of 0's.
On reboot, Windows machines BSOD.
Not closely at all; blissfully ignorant here in the peanut gallery :) Just read up a bit:
CrowdStrike says users should boot the computer into Safe Mode or Windows Recovery Environment, navigate to the CrowdStrike directory, and delete the faulty file “C-00000291*.sys.”
I read "users" as "IT support", and "the computer" as "every affected computer in your organization". I don't envy those poor folks in IT. Well I often do actually, but not today!
Yeah, the alternate solution is to try re-booting 15 times.
If that actually worked tho everything woulda been back up and running in no time lol
Happy to say we have absolutely zero windows installations at my company. I feel like I have to be vigilant about keeping it that way. We do use crowdsteike but Linux for servers and containers and macOS for desktop clients.
We had a major service running on the Azure cloud that was impacted. :( It was back up by Saturday, fortunately.
The whole "reboot into safe mode" was complicated by being in the cloud and further complicated by BitLocker. But we got it done!