FIX CrowdStrike Microsoft Windows on Azure VM

karleeov - Jul 19 - - Dev Community
  1. Connect to Serial Console and Use PowerShell:

    • First, ensure that the Serial Console is enabled for your VM. If not, follow the instructions to enable it¹.
    • Connect to the Serial Console and open a CMD instance.
    • Check the boot configuration data:
     bcdedit /enum
    

    If the VM is configured to boot into Safe Mode, you'll see an extra flag under the Windows Boot Loader section called safeboot. The possible values are Minimal or Network. RDP won't start in either of these modes.

    • To make the VM boot into normal mode, delete the safeboot flag:
     bcdedit /deletevalue {current} safeboot
    
  • Verify that the safeboot flag is removed:

     bcdedit /enum
    
  • Restart the VM and check if the issue is resolved.

  1. Repair the VM Offline (if needed):
    • Attach the OS disk to a recovery VM.
    • Start a Remote Desktop connection to the recovery VM.
    • Ensure the disk is flagged as Online in the Disk Management console.
    • Note the drive letter assigned to the attached OS disk.
    • Optionally, enable dump logs and Serial Console for further troubleshooting².
    • Now you can perform the same steps as above to remove the safeboot flag and reboot the VM.

Remember to take a snapshot of the OS disk before making any changes as a backup. These steps should help your Azure VM boot normally without the CrowdStrike-induced BSoD. 😊👍¹³

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .