Applies ToWindows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server, version 23H2

For information about this issue with CrowdStrike on Windows endpoints (clients), see KB5042421.

Summary

Microsoft has identified an issue impacting Windows Servers hosted on-premises that are running the CrowdStrike Falcon agent. These servers might encounter error messages 0x50 or 0x7E on a blue screen and experience a continual restarting state.

We have received reports of successful recovery from some customers attempting multiple restart operations on affected Windows servers.

We are working with CrowdStrike to help provide customers with the most up-to-date remediation steps to resolve this issue. Please check back for updates on this ongoing issue.

Resolution

Important: We have released a USB tool to help automate this manual repair process. For more information, see New recovery tool to help with CrowdStrike issue impacting Windows devices.

To resolve this issue, follow these instructions for your Windows server environment.

To mitigate this issue on VMs hosted on Hyper-V hosts, follow these steps:

IMPORTANT To complete the following steps, you must have a recovery image saved on a DVD.

  1. Power off the affected server from the Hyper-V Management console. Right-click the VM and then click Settings.A screenshot of the Virtual Machines window of the Hyper-V management console. A virtual machine (VM) is selected, the context menu is displayed, with the Settings option highlighted.

  2. Under IDE controller in the left navigation pane, click DVD Drive and then click Browse to select the Windows Server OS ISO. The ISO should be of the same Windows version as the affected server. ​​​​​​​ A screenshot of virtual machine (VM) settings in the Hyper-V management console with IDE Controller 1 highlighted and the Image file option highlighted with the path to the ISO file.

  3. Once the ISO is loaded, click BIOS in the left navigation pane and then move CD to the top of the Startup order in the right-side pane.A screenshot of virtual machine (VM) settings in the Hyper-V management console with BIOS highlighted and the Startup order with the CD option highlighted at the top.

  4. Start the VM from the console and then press any key once you are on the Press any key to boot from CD or DVD screen. This starts the VM into Windows Pre-Installation Environment.A screenshot of a Virtual Machine Connection with white text on a black screen that reads Press any key to boot from CD or DVD.

  5. On the Windows Setup screen, click Next and then click the Repair your computer option. ​​​​​​​ A screenshot of Windows Setup for Windows Server 2016. A screenshot of Windows Setup for Windows Server 2016 with the Repair your computer option highlighted.

  6. On the Choose an option screen, click Troubleshoot and then click Command prompt.A screenshot of Choose an option with Troubleshoot highlighted.A screenshot of Advanced options with Command Prompt highlighted.​​​​​​​

  7. If your System drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  8. Type the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change to the CrowdStrike directory. 

  9. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”.  To do this, type the following command and then press Enter:

    dir C-00000291*.sys​​​​​​​

  10. Permanently delete the file(s) found. To do this, type the following command and then press Enter:

    del C-00000291*.sys

  11. Restart your device.

To resolve this issue on Physical servers, follow the steps in the following methods.

In the following methods, we use the Dell iDRAC remote management console. For example, access the Remote Management Interface for the affected server. This might be different for each vendor depending on the OEM (such as iLO for HP, iDRAC for Dell, CIMC for Cisco). 

Navigate to the section of the interface that allows you to start the remote console or virtual console.

Method 1: Mounting the ISO from Remote Console

  1. Navigate to Virtual Media in the Remote Console section of the management console.

  2. Locate the option for mounting an ISO or inserting virtual media. This option might be labeled as Virtual Media, Virtual DVD, or so on.A screenshot of the Virtual Console window with the Virtual Media button highlighted.

  3. Select the option to mount or attach an ISO image. You will be prompted to browse for the ISO file on your local system.A screenshot of the Virtual Media window with the Choose File button highlighted.

  4. Browse and select the ISO file which is of the same version as the affected server version.A screenshot of the Virtual Media window with the Map Device button highlighted.

  5. Confirm the selection and wait for the management console to upload and mount the ISO to the server.

  6. Once the ISO is mounted, open the server’s operating system or management interface.

  7. On the Choose an option screen, select Troubleshoot and then select Command Prompt.A screenshot of Choose an option with Troubleshoot highlighted.A screenshot of Advanced options with Command Prompt highlighted.​​​​​​​

  8. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  9. Type in the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change the directory to the CrowdStrike directory.

  10. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  11. Permanently delete the file(s). To do this, type the following command and then press Enter.

    del C-00000291*.sys

  12. Restart your device.

Method 2: Mounting the ISO from Web console

  1. In the Virtual Console window, click the Boot button to access the Boot menu.A screenshot of the Virtual Console window with the Boot button highlighted.

  2. From the Boot menu, select Virtual CD/DVD/ISO. Confirm your selection by clicking Yes in the Boot Controls dialog box.A screenshot of the Boot Controls window with the Virtual CD/DVD/ISO option highlighted.

  3. Click the Power button in the Virtual Console window.A screenshot of the Virtual Console window with the Power button highlighted.

  4. Choose Reset system (warm boot) from the Power Controls menu. ​​​​​​​ A screenshot of the Power Controls window with the Reset System (warm boot) option highlighted.

  5. Confirm the selection by clicking Yes in the Confirm Power Action dialog box.A screenshot of the Confirm Power Action window with the Yes option highlighted.

  6. After the server completes the POST process, it will start from the selected .ISO image. Select the virtual CD/DVD drive as the boot device. Restart the server to enter the Windows Pre-Installation Environment.A screenshot of the Confirm Boot Action window with the Yes option highlighted.

  7. After your device restarts to the Choose an option screen, click Troubleshoot and then click Command Prompt.A screenshot of Choose an option with Troubleshoot highlighted.A screenshot of Advanced options with Command Prompt highlighted.​​​​​​​

  8. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  9. Type the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change to the CrowdStrike directory.

  10. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  11. Permanently delete the file(s). To do this, type the following command and then press Enter:

    del C-00000291*.sys​​​​​​​

  12. Restart your device.

Contact CrowdStrike

If after following the above steps, if you still experience issues logging into your device, please reach out to CrowdStrike for additional assistance.

References

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.

We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.