Recovery options for Azure Virtual Desktop session host VMs

Last week an update issue caused unresponsiveness and startup failures on Windows machines using the CrowdStrike Falcon agent, including some Azure Virtual Desktop session host virtual machines (VMs). CrowdStrike has released a public statement addressing the matter that includes recommended steps for a workaround. Microsoft also released guidance for resolving the issue for Azure VMs, which detailed restoring from a backup created prior to the update and OS disk repairs.

For Azure Virtual Desktop session host VMs that have been impacted, there are several recovery options. First, we recommend reviewing the recovery options for Azure virtual machines should they be applicable to your environment.

For Azure Virtual Desktop session host VMs specifically, if you are using FSLogix to maintain the user profile separate from the VMs:

1. Deploy a new host pool, or add new session hosts to an existing host pool
2. Use the existing FSLogix configuration that would enable user profiles and states to be consumed from these new VMs, which are themselves unaffected by the specific CrowdStrike version that has caused the issue.
3. You can then, optionally, delete the impacted session host VMs at a time of your choosing.

FSLogix redirects the user profile to a virtual hard disk (VHD) that is stored separately from the VM on a storage service located within Azure. When a user signs in to their session host, their user profile VHD is mounted onto the VM and the user profile is loaded into the session. The user experience is therefore maintained on the new session host, enabling the user to be productive. No user profile data is stored in the VM local disk.

If you used an existing image to create your session hosts, this image should be used so that any applications or configurations that pre-configured within the image are immediately available to users. You can alternatively use the Azure Marketplace to select any supported Windows image. You would then apply any existing policies via Active Directory Group Policy or Microsoft Intune policies, as well as install any software packages via your software distribution tool.

For personal host pools using FSLogix, while FSLogix will return the user profile and the user experience to a new session host, any data stored manually on the local drive(s) or bespoke software installations will be lost. Data can be restored; however, by mounting the impacted VM OS disk to another virtual machine and manually copying the data.

Further information on FSLogix is available in our FXLogix documentation.