I'm unable to start my instance and I see Client.InternalError when running the describe-instances command. How do I fix this?

Last updated: 2021-10-07

I'm trying to start my Amazon Elastic Compute Cloud (Amazon EC2) instance and the instance doesn't start and doesn't return an error message. Or, it doesn't start and returns the error message "Client.InternalError" or "Server.InternalError". How can I fix this?

Short description

You might see the "Server.InternalError" message for the following reasons:

  • Your Amazon Elastic Block Store (Amazon EBS) volume isn't attached to the instance correctly.
  • An EBS volume attached to the instance is in an error state.

You might see the "Client.InternalError" message if an encrypted EBS volume is attached to the instance.

Note: If your instance doesn't start and no error code appears, run the describe-instances command. Then, specify the instance ID. In the following example, replace MYINSTANCE with the id of the instance that you're trying to start.

aws ec2 describe-instances --instance-id MYINSTANCE --output json

Check the StateReason message in the JSON response returned by the command.

Resolution

EBS volumes aren't attached to the instance correctly

If the EBS root volume isn't attached to the instance as /dev/sda1 or /dev/xvda and a second EBS volume has a duplicate or conflicting device name, then you can't stop or start the instance. Only Xen-based instance types (c4, m4, t2, and so on) are affected by block device name conflicts. Nitro-based instances (c5, m5, t3, and so on) aren't affected by block device name conflicts.

1.    Run the describe-instances API to verify the StateReason error message and error code. The following is an example of the command output if there is a device name conflict:

awsec2describe-instances--instance-idi-xxxxxxxxxxxxxxx|egrep-A3-iStateReason
"StateReason": {
    "Code": "Server.InternalError",
    "Message": "Server.InternalError: Internal error on launch"
},

2.    Open the Amazon EC2 console, and then select the instance that you can't start.

3.    On the Description tab, verify the device name listed in Block devices. The Block devices field displays all devices names of the attached volumes.

4.    Verify that the root device is correctly attached and that there isn't a device listed with the same name or with a conflicting name.

5.    If there is a device with a duplicate or conflicting device name, detach the conflicting volume and rename it. Then, reattach the volume with the updated device name.

An attached EBS volume is in an error state

1.    Run the describe-instances API to verify the StateReason error message and error code. The following is an example of the command output if there is an attached EBS volume in an error state:

aws ec2 describe-instances --instance-ids i-xxxxxxxxxxxxxx 
          "InstanceId": "i-xxxxxxxxxxxxxxxx",
          "InstanceType": "c4.8xlarge",
          "State": {
            "Name": "stopped"
          },
          "StateTransitionReason": "Server.InternalError",

2.    Open the Amazon EC2 console, choose Volumes, and then verify if the status of the volume is error. Your options vary depending on whether the volume in an error state is a root volume or a secondary volume.

If the volume in an error state is a secondary volume, detach the volume. You can now start the instance.

If the volume in an error state is a root volume and you have an existing snapshot of the volume, do the following:

Detach the volume.

Create a new volume from the snapshot.

Attach the new volume to the instance using the device name of the original instance. Start the instance.

Note: If the volume in an error state is a root volume and you don't have an existing snapshot of the volume, then you can't restart the instance. You must rebuild the instance.

Attached volumes are encrypted and there are incorrect AWS Identity and Access Management (IAM) permissions or policies

1.    Run the describe-instances API to verify the StateReason error message and error code. The following is an example of the command output if there is an encrypted volume attached to the instance and there are permissions or policy issues:

aws ec2 describe-instances --instance-ids i-xxxxxxxxxxxxxxxxx
"StateReason": {
     "Message": "Client.InternalError: Client error on launch",
     "Code": "Client.InternalError"
   },

2.    Verify the following:

Note: To verify if a volume is encrypted, open the Amazon EC2 console, and then select Volumes. Encrypted volumes have Encrypted listed in the Encryption column.