Applies ToWindows 11 Windows 10

For information about this issue with CrowdStrike on Windows servers, see KB5042426.

Summary 

Microsoft has identified an issue impacting Windows endpoints that are running the CrowdStrike Falcon agent. These endpoints might encounter error messages 0x50 or 0x7E on a blue screen and experience a continual restarting state.

We have received reports of successful recovery from some customers attempting multiple restart operations on affected Windows endpoints.

We are working with CrowdStrike to provide the most up-to-date information available on this issue. Please check back for updates on this ongoing issue. 

Resolution

Important: We have released a USB tool to help automate this manual repair process. For more information, see New recovery tool to help with CrowdStrike issue impacting Windows devices.

To resolve this issue, follow these instructions for your version of Windows.

Windows 11Windows 10

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select PowerRestart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot.Choose an option

  4. On the Troubleshoot screen, select Advanced options > Startup Settings > Enable safe mode.​​​​​​​​​​​​​​ ​​​​​​​ Troubleshoot

  5. Restart your device.Note You may be asked to enter your BitLocker recovery key. When the device restarts, continue pressing F4 and then it will log you in to safe mode. Please note, for some devices, you need to press F11 to log in through safe mode.

  6. Once in safe mode, right-click Start, click Run, type cmd in the Open box, and then click OK.

  7. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  8. Type the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change to the CrowdStrike directory.

  9. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  10. Permanently delete the file(s) found. To do this, type the following command and then press Enter.

    del C-00000291*.sys

  11. Manually search for any files that match “C-00000291*.sys” and delete them.

  12. Restart your device.

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power  > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot.Choose an option

  4. On the Troubleshoot screen, select Advanced options Startup Settings > Enable safe mode.​​​​ ​​​​​​​ Troubleshoot

  5. Restart your device.Note You may be asked to enter your BitLocker recovery key.

  6. When the device restarts, continue pressing F4 and then it will log you in to safe mode.

  7. Once in safe mode, right-click Start, click Run, type cmd in the Open box, and then click OK.

  8. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  9. Type in the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example C is your system drive. This will change to the CrowdStrike directory.

  10. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  11. Permanently delete the file(s) found. To do this, type the following command and then press Enter.

    del C-00000291*.sys

  12. Manually search for any files that match “C-00000291*.sys” and delete them.

  13. Restart your device.

Recovery methods

If you receive the Windows Recovery screen, use one of the following methods to recover your device.

Method 1: Use Enable safe mode

Windows 11Windows 10

  1. Hold the power button for 10 seconds to turn off your device and thenpress the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot Advanced options Startup Settings Enable safe mode. Then, restart your device.Note You might be asked to enter your BitLocker recovery key. When the device restarts, continue pressing F4 and then it will log you in to safe mode. Please note, for some devices, you need to press F11 to log in through safe mode.

  4. If the screen asks for a BitLocker recovery key, use your phone and log on to https://aka.ms/aadrecoverykey. Log on with your Email ID and domain account password to find the BitLocker recovery key associated with your device. To locate your BitLocker recovery key, click Manage Devices > View Bitlocker Keys > Show recovery key.

  5. Select the name of the device where you see the BitLocker prompt. In the expanded window, select View BitLocker Keys. Go back to your device and input the BitLocker key that you see on your phone or secondary device.Command Prompt

  6. When the device restarts, continue pressing F4 and then it will log you in to safe mode.

  7. Once in safe mode, right-click Start, click Run, type cmd in the Open box, and then click OK. ​​​​​​​ Safe Mode Command Prompt

  8. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  9. Type the following command and then press Enter:

    Tip:  CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change to the CrowdStrike directory.

  10. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  11. Permanently delete the file(s) found. To do this, type the following command and then press Enter.

    del C-00000291*.sys

  12. Manually search for any files that match “C-00000291*.sys” and delete them.

  13. Restart your device.

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot Advanced options Startup Settings Enable safe mode.  Then restart your device again.Note You might be asked to enter your BitLocker recovery key. When the device restarts, continue pressing F4 and then it will log you into safe mode. Please note, for some devices, you need to press F11 to log in through safe mode.

  4. If the screen asks for a BitLocker recovery key, then use your phone and log on to https://aka.ms/aadrecoverykey. Log on with your Email ID and domain account password to find the bit locker recovery key associated with your device. To locate your BitLocker recovery key, click Manage Devices > View Bitlocker Keys > Show recovery key.

  5. Select the name of the device where you see the BitLocker prompt. In the expanded window, select View BitLocker Keys. Go back to your device and input the BitLocker key that you see on your phone or secondary device.

  6. When the device restarts, continue pressing F4 and then it will log you in to safe mode.

  7. Once in safe mode, right-click Start, click Run, type cmd in the Open box, and then click OK. ​​​​​​​ Safe Mode Command Prompt

  8. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  9. Type in the following command and then press Enter:

    Tip:  CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change to the CrowdStrike directory.

  10. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  11. Permanently delete the file(s) found. To do this, type the following command and then press Enter.

    del C-00000291*.sys

  12. Manually search for any files that match “C-00000291*.sys” and delete them.

  13. Restart your device.

Method 2: Use System Restore

Windows 11Windows 10

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot Advanced options > System Restore.

  4. If the screen asks for a BitLocker recovery key, use your phone and log on to https://aka.ms/aadrecoverykey. Login with your email id and domain account password to find the bit locker recovery key associated with your device. To locate your BitLocker recovery key, click Manage Devices > View Bitlocker Keys > Show recovery key.

  5. Select the name of the device where you see the BitLocker prompt. In the expanded window, select View BitLocker Keys. Go back to your device and input the BitLocker key that you see on your phone or secondary device. ​​​​​​​ Command Prompt

  6. Click Next on System Restore.

  7. Select the Restore option in the list, click Next, and then click Finish.

  8. Click Yes to confirm the restore.Note This will perform just the Windows system restore and personal data should not be impacted. This process might take up to 15 minutes to complete.

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot Advanced options > System Restore.

  4. If the screen asks for a BitLocker recovery key, use your phone and log on to https://aka.ms/aadrecoverykey. Log in with your Email ID and domain account password to find the bit locker recovery key associated with your device. To locate your BitLocker recovery key, click Manage Devices > View Bitlocker Keys > Show recovery key.

  5. Select the name of the device where you see the BitLocker prompt. In the expanded window, select View BitLocker Keys. Go back to your device and input the BitLocker key that you see on your phone or secondary device.

  6. Click Next on System Restore.

  7. Select the Restore option in the list, click Next, and then click Finish.​​​​​​​

  8. Click Yes to confirm the restore.Note This will perform just the Windows system restore and personal data should not be impacted. This process might take up to 15 minutes to complete.

Contact CrowdStrike

If after following the above steps, if you still experience issues logging into your device, please reach out to CrowdStrike for additional assistance.

References

Start your PC in safe mode in Windows

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.

We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders