This blog contains high-level guidance for Citrix admins to recover their environments from the July 19 CrowdStrike outage. These recommendations are subject to change and may be updated.
Recommendations for Citrix customers currently impacted by the CrowdStrike outage
Citrix DaaS (Citrix Cloud) customers: Citrix Cloud services were not impacted by this outage. For customers using DaaS with Workspace and Gateway Service, your first priority is to restore IT-managed infrastructure (AD, etc.) and Cloud Connector servers. Once Cloud Connectors are back online, move on to evaluating and remediating VDAs.
IT-managed Virtual Apps and Desktops customers: For affected infrastructure components (SQL server, Delivery Controllers, StoreFront, Director, Citrix Provisioning Servers etc.) restore infrastructure first, then move on to persistent VDA workloads and related user-facing components such as file share servers (including ones hosting Citrix Profile Management).
Affected Servers Hosting Citrix Components | Impact |
Cloud Connectors | Users may have issues logging in or enumerating resources for both StoreFront and Workspace workloads. |
Delivery Controllers | Users may have issues logging in or enumerating resources. |
VDAs | Users will be unable to launch their apps or desktops. |
Customer-managed StoreFront | Users will be unable to reach the StoreFront URL. |
Federated Authentication Services | Users may have issues logging in to VDAs. |
Citrix Director | Help desk teams and admins may not be able to take actions on sessions or view reports (though monitoring data will still persist in SQL if the SQL server is available) |
SQL | If all other components are functioning, the environment may enter LHC mode. |
License Server | If all other components are functioning, the environment may enter license caching mode. |
Note: We recommend restoring in the order listed in the table for optimal restoration time.
Core infrastructure mitigation and persistent machines: You may have Windows infrastructure that is offline. In this case, we recommend following the CrowdStrike recommendations to resolve the bluescreen error and recover these machines first. The leading practice of updating highly available infrastructure components is that they should not be done all at once—essentially, update a single controller and let it run/test before updating others. For persistent VDAs, you can either restore from a known good backup using your tool of choice, or implement the CrowdStrike recommendations to resolve the bluescreen error.
Non-persistent VDA machines
- Non-persistent MCS/PVS machines: Many of our customers have reported no issues with non-persistent machines, as they do not receive automatic updates per leading practices. If your non-persistent machines are experiencing issues, rebooting them will reset them to the golden image state.
- App Layering: There is no known impact to App Layering. The appliance is not a Windows device and is thus unaffected. App Layering Images would be categorized and treated as non-persistent machines.
- Note: It is possible that the file referenced in the CrowdStrike recommendations may exist on a persistent User Layer. We don’t expect this to be impactful as the contents of the User Layer are only blended into the file system at login, whereas CrowdStrike Falcon is already running when the VDA boots. However, if it needs to be removed, this can be done by mounting the VHDX file and removing the referenced file manually or through a script.
Endpoints: Windows endpoints would be impacted and customers would need to follow the CrowdStrike recommendations to address the behavior. Non-Windows endpoints (thin client, Linux, MacOS, etc.) using Citrix Workspace app would not be impacted.
Please contact your Citrix partner or Citrix support if you need further assistance.