GUIDANCE FOR CITRIX CUSTOMERS ON MITIGATING THE CROWDSTRIKE OUTAGE
For Citrix customers affected by the CrowdStrike outage, it is recommended to follow the guidance:
Citrix DaaS (Citrix Cloud) customers:
Citrix Cloud services remained unaffected during the outage. Customers utilizing DaaS with Workspace and Gateway Service should prioritize restoring their IT-managed infrastructure, such as Active Directory, and Cloud Connector servers. After reestablishing Cloud Connectors, proceed to assess and address any issues with Virtual Delivery Agents (VDAs).
IT-managed Virtual Apps and Desktops customers:
When addressing affected infrastructure components such as SQL servers, Delivery Controllers, StoreFront, Director, and Citrix Provisioning Servers, prioritize restoring the infrastructure. Afterward, proceed to persistent VDA workloads and associated user-facing elements, including file share servers that host Citrix Profile Management.
| Affected Servers Hosting Citrix Components | Impact |
| Cloud Connectors | Users may have issues logging in or enumerating resources for both StoreFront and Workspace workloads. |
| Delivery Controllers | Users may have issues logging in or enumerating resources. |
| VDAs | Users will be unable to launch their apps or desktops. |
| Customer-managed StoreFront | Users will be unable to reach the StoreFront URL. |
| Federated Authentication Services | Users may have issues logging in to VDAs. |
| Citrix Director | Help desk teams and admins may not be able to take actions on sessions or view reports (though monitoring data will still persist in SQL if the SQL server is available) |
| SQL | If all other components are functioning, the environment may enter LHC mode. |
| License Server | If all other components are functioning, the environment may enter license caching mode. |
Note: The Cloud Software group recommends restoring in the order listed in the table for optimal restoration time.
Core infrastructure mitigation and persistent machines:
If the Windows infrastructure is offline, it is advisable to adhere to CrowdStrike's guidelines to address the bluescreen issue and restore the affected machines. When updating critical infrastructure components that are highly available, it's best practice to stagger the updates—update one controller, test its performance, then proceed with the others. Regarding persistent Virtual Desktop Agents (VDAs), you have the option to restore from a reliable backup using your preferred tool or follow CrowdStrike's advice to correct the bluescreen error.
Non-persistent VDA machines Non-persistent MCS/PVS machines:
Most customers have not encountered problems with non-persistent machines since they are not set to receive automatic updates, which is in line with best practices. Should any issues arise with your non-persistent machines, a reboot will restore them to their default state, known as the 'golden image.'
App Layering:
App Layering is not impacted as the appliance does not operate on Windows and is therefore not susceptible. Consequently, App Layering Images are classified and managed as non-persistent entities. Please note that the file mentioned in the CrowdStrike recommendations might be located on a persistent User Layer.
This is not anticipated to be significant since the User Layer's contents merge with the file system only during login, while CrowdStrike Falcon initiates upon VDA startup. Nonetheless, should removal be necessary, it can be achieved by mounting the VHDX file and manually deleting the specified file or utilizing a script for this purpose.
Endpoints:
Windows endpoints would be impacted, and customers would need to follow the CrowdStrike recommendations to address the behavior. Non-Windows endpoints (thin client, Linux, MacOS, etc.) using Citrix Workspace app would not be impacted.