Comments (5)

txsastre commented on June 15, 2024

Sorry for my delay.
The "problem" was that. I needed a different token to uninstall, so there was not a real problem.
Thanks for your help.

from ansible_collection_falcon.

txsastre commented on June 15, 2024

also if I try to remove from the server I get this error

[image]

and the file log

[0A10:1534][2023-08-08T14:54:49]i001: Burn v3.14.0.6315, Windows v10.0 (Build 17763: Service Pack 0), path: C:\ProgramData\Package Cache\{8fc42182-d5f1-492c-a5ff-f155cc0a7816}\WindowsSensor.LionLanner.exe
[0A10:1534][2023-08-08T14:54:50]i000: Initializing string variable 'ProvisioningTokenHyperlink' to value 'https://falcon.eu-1.crowdstrike.com/support/documentation/67/host-and-host-group-management#installation-tokens'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing numeric variable 'DowngradingBundle' to value '0'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing numeric variable 'ExistingCustomerId' to value '0'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'CID'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'Password'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing numeric variable 'ProvWaitTime' to value '1200000'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'MAINTENANCE_TOKEN'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'PW'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'ProvToken'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'ProvisioningToken'
[0A10:1534][2023-08-08T14:54:50]i000: Initializing string variable 'BILLINGTYPE' to value ''
[0A10:1534][2023-08-08T14:54:50]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{8fc42182-d5f1-492c-a5ff-f155cc0a7816}\WindowsSensor.LionLanner.exe" -burn.filehandle.attached=652 -burn.filehandle.self=660 /uninstall /norestart'
[0A10:1534][2023-08-08T14:54:50]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\ADMCGI~1.ESI\AppData\Local\Temp\CrowdStrike Windows Sensor_20230808145450.log'
[0A10:1534][2023-08-08T14:54:50]i000: Setting string variable 'WixBundleManufacturer' to value 'CrowdStrike, Inc.'
[0A10:1534][2023-08-08T14:54:50]i100: Detect begin, 12 packages
[0A10:1534][2023-08-08T14:54:50]e000: Error 0x80070645: Attempt to uninstall valid only when bundle is installed.
[0A10:1534][2023-08-08T14:54:50]e000: Error 0x80070643: UX aborted detect begin.
[0A10:1534][2023-08-08T14:54:50]i199: Detect complete, result: 0x80070643
[0A10:2CE4][2023-08-08T14:54:50]i000: Setting numeric variable 'BundleRestartRequired' to value 0
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 5' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 6' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 7' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'WixBundleAction = 3' evaluates to true.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'BundleRestartRequired' evaluates to false.
[0A10:2CE4][2023-08-08T14:54:50]i052: Condition 'NOT BundleRestartRequired' evaluates to true.
[0A10:2CE4][2023-08-08T14:55:47]i000: No specific failing package log to open

from ansible_collection_falcon.
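Added example, not part of the original comment or of the collection's code: a short Python triage of the Burn log quoted above that pulls the error-level lines, decodes each HRESULT into its Win32 error code, and lists the variables Burn marks as hidden (their values are not written to the log). The function names are illustrative assumptions, and the embedded sample is a handful of lines copied from the log above.

```python
import re

# Burn (WiX bootstrapper) log line: [PID:TID][timestamp]<level><id>: message
LINE_RE = re.compile(r"^\[[0-9A-F]{4}:[0-9A-F]{4}\]\[(?P<ts>[^\]]+)\]"
                     r"(?P<level>[iwe])(?P<id>\d{3}): (?P<msg>.*)$")
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}")
HIDDEN_RE = re.compile(r"Initializing hidden variable '([^']+)'")

# winerror.h names for the two codes that appear in this log.
WIN32_NAMES = {1603: "ERROR_INSTALL_FAILURE", 1605: "ERROR_UNKNOWN_PRODUCT"}
FACILITY_WIN32 = 7

def decode_hresult(text):
    """Split an HRESULT string into (failed, facility, code)."""
    value = int(text, 16)
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def parse(log_text):
    """Yield (timestamp, level, message) for every well-formed Burn line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["level"], m["msg"]

def errors(log_text):
    """Return error-level entries, with the Win32 code decoded when present."""
    out = []
    for ts, level, msg in parse(log_text):
        if level != "e":
            continue
        entry = {"ts": ts, "msg": msg, "win32": None, "name": None}
        h = HRESULT_RE.search(msg)
        if h:
            failed, facility, code = decode_hresult(h.group())
            if failed and facility == FACILITY_WIN32:
                entry["win32"] = code
                entry["name"] = WIN32_NAMES.get(code, "unknown")
        out.append(entry)
    return out

def hidden_variables(log_text):
    """Names of variables whose values Burn keeps out of the log."""
    return [HIDDEN_RE.search(msg).group(1)
            for _, _, msg in parse(log_text) if HIDDEN_RE.search(msg)]

# Sample: lines copied from the log in the comment above.
SAMPLE = """
[0A10:1534][2023-08-08T14:54:50]i000: Initializing hidden variable 'MAINTENANCE_TOKEN'
[0A10:1534][2023-08-08T14:54:50]i100: Detect begin, 12 packages
[0A10:1534][2023-08-08T14:54:50]e000: Error 0x80070645: Attempt to uninstall valid only when bundle is installed.
[0A10:1534][2023-08-08T14:54:50]e000: Error 0x80070643: UX aborted detect begin.
"""
```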

carlosmmatos commented on June 15, 2024

@txsastre Do you know if you have maintenance tokens enabled to prevent uninstalls? I think you are going to have to reach out to support to help with this because the sensor may be in a funky state. Check out this support article

from ansible_collection_falcon.

txsastre commented on June 15, 2024

Yes, I'm going to try to find out.

By the way, I have done some more tests: I cloned 2 Windows 2019, uninstall works in 1 of 3, and uninstall also works on a Windows 2012.

Playbook used, same as example

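---
- hosts: all
  roles:
    - role: crowdstrike.falcon.falcon_uninstall
      vars:
        # Run the uninstaller as SYSTEM via runas
        falcon_windows_become_user: SYSTEM
        falcon_windows_become_method: runas
        # Extra arguments for the uninstaller, here the maintenance token
        falcon_windows_uninstall_args: "MAINTENANCE_TOKEN=12341234"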

error log

fatal: [192.168.70.161]: FAILED! => {"changed": false, "msg": "unexpected rc from '\"C:\\ProgramData\\Package Cache\\{9c135872-ac27-49d7-b96b-8ba5752470e3}\\WindowsSensor.LionLanner.exe\" /uninstall /quiet /norestart': see rc, stdout, and stderr for more details", "rc": 106, "reboot_required": false, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

OK, I checked closely from the CLI and I don't know why, it does not like the "MAINTENANCE_TOKEN=123412342". I also put it in the GUI and it says no recognized token.


from ansible_collection_falcon.

carlosmmatos commented on June 15, 2024

Closing for now. Hopefully you opened a support ticket and are working it with them by now.

from ansible_collection_falcon.
