Pythian Blog: Technical Track

Fixing CrowdStrike in VMware ESX vSphere Workaround


We identified a client with CrowdStrike issues on old Windows 10 machines with no local admin account and no access to the host. Our team found a potential workaround using a Windows VDI (Virtual Desktop Infrastructure) jump host in the same VMware ESX.

The steps are as follows:

  1. Turn off the problematic Windows machine inside vSphere.
  2. Edit the VM's settings to identify the vmdk backing the C:\ drive and note its vSAN disk name.
  3. Copy the vmdk disk before making any changes.
  4. On your Windows jump host, add the vmdk disk from the problematic Windows machine.
  5. In the jump host, open Disk Management, bring the new disk online, and note the new drive letter.
  6. Open Command Prompt or PowerShell, navigate to the CrowdStrike files path on the newly attached disk, and remove the files as per the troubleshooting guide.
  7. Close Command Prompt or PowerShell.
  8. In Disk Management, take the new disk offline.
  9. Remove the disk from the Windows jump host's VM settings. DO NOT check the box to delete the disk or remove it from vSAN.
  10. Start up the problematic Windows machine and ensure it is functional.

Remember to delete the vmdk disk copy after confirming the machine is back online.
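The jump-host part of the procedure (steps 5 to 8) is easy to script so it can be repeated across many affected VMs. The following PowerShell is an added example and is not code from the Pythian post: it assumes the problem VM's vmdk has already been attached to the jump host in vSphere (step 4), that it runs in an elevated PowerShell with the Storage module (Windows 8 / Server 2012 and later), and that the attached volume is not BitLocker-protected. The parameter names ($DiskNumber, $ChannelFilePattern, $BackupRoot, $DryRun) are this example's own; the default file pattern is the channel-file name from CrowdStrike's public remediation guidance, which the post refers to only as "the troubleshooting guide", so override it if the guide you follow names a different file.

```powershell
<#
  Added example, not part of the original post: scripts steps 5 to 8 on the Windows jump host.
  Assumptions: the problem VM's C: vmdk is already attached in vSphere (step 4), this runs in
  an elevated PowerShell with the Storage module, and the volume is not BitLocker-protected.
  $DiskNumber comes from Get-Disk on the jump host; $ChannelFilePattern defaults to the name
  given in CrowdStrike's public remediation guidance and can be overridden.
#>
param(
    [Parameter(Mandatory = $true)]
    [int]$DiskNumber,
    [string]$ChannelFilePattern = 'C-00000291*.sys',
    [string]$BackupRoot = "$env:SystemDrive\CrowdStrikeBackup",
    [switch]$DryRun
)

$ErrorActionPreference = 'Stop'

# Step 5: bring the attached disk online and writable (a newly attached vmdk usually arrives offline)
$disk = Get-Disk -Number $DiskNumber
if ($disk.IsOffline)  { Set-Disk -Number $DiskNumber -IsOffline $false }
if ($disk.IsReadOnly) { Set-Disk -Number $DiskNumber -IsReadOnly $false }

# Find which drive letter(s) Windows assigned to the attached disk's partitions
$letters = Get-Partition -DiskNumber $DiskNumber |
    ForEach-Object { [string]$_.DriveLetter } |
    Where-Object { $_ -match '^[A-Z]$' }
if (-not $letters) {
    throw "Disk $DiskNumber has no partition with a drive letter; assign one in Disk Management first."
}

# Pick the volume that actually holds the guest's Windows install, not a recovery or EFI partition
$winLetter = $letters |
    Where-Object { Test-Path "$($_):\Windows\System32\drivers" } |
    Select-Object -First 1
if (-not $winLetter) {
    throw "No Windows system volume found among drive letters: $($letters -join ', ')"
}

$csDir = "$($winLetter):\Windows\System32\drivers\CrowdStrike"
if (-not (Test-Path $csDir)) { throw "CrowdStrike driver folder not found at $csDir" }

# Step 6: remove the channel file(s) named in the troubleshooting guide, keeping a copy first
$targets = @(Get-ChildItem -Path $csDir -Filter $ChannelFilePattern -File)
if ($targets.Count -eq 0) {
    Write-Warning "No files matching $ChannelFilePattern in $csDir; nothing to remove."
} else {
    $backupDir = Join-Path $BackupRoot ("disk{0}-{1:yyyyMMdd-HHmmss}" -f $DiskNumber, (Get-Date))
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    foreach ($file in $targets) {
        # Log what is being touched so the change is auditable afterwards
        Write-Host ("{0}  {1} bytes  modified {2}" -f $file.FullName, $file.Length, $file.LastWriteTime)
        Copy-Item -LiteralPath $file.FullName -Destination $backupDir
        Remove-Item -LiteralPath $file.FullName -WhatIf:$DryRun
    }
    Write-Host "Backed up $($targets.Count) file(s) to $backupDir"
}

# Step 8: take the disk offline again so vSphere can detach it cleanly (step 9 is done in the VM settings)
if (-not $DryRun) { Set-Disk -Number $DiskNumber -IsOffline $true }
```

Run it once with `-DryRun` to confirm it finds the right disk and only the expected file(s) before running it for real; `Get-Disk` on the jump host shows the number of the newly attached vmdk. The script refuses to proceed if it cannot find a Windows system volume on the disk, which is also what you will see if the guest volume is BitLocker-protected (it needs to be unlocked on the jump host first). Leaving the disk offline before step 9 matters: detaching a vmdk that Windows still has mounted can leave the guest's filesystem dirty.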

Let us know if this fix worked for you. Thanks for reading.
