How do I troubleshoot a Windows WorkSpace that is marked as Unhealthy?

Last updated: 2019-10-23

My Amazon WorkSpaces Windows WorkSpace is marked as Unhealthy. How can I fix this? 

Short Description

The Amazon WorkSpaces service periodically checks the health of a WorkSpace by sending it a status request. The WorkSpace is marked as Unhealthy if a response isn’t received from the WorkSpace in a timely manner. Common causes for this problem are:

  • An application on the WorkSpace is blocking network connection between the Amazon WorkSpaces service and the WorkSpace.
  • High CPU utilization on the WorkSpace.
  • The computer name of the Workspace is changed.
  • The agent or service that responds to the Amazon WorkSpaces service isn't in running state.

Resolution

Try the following troubleshooting steps to return the WorkSpace to a healthy state:

First, reboot the WorkSpace from the Amazon WorkSpaces console.

Then, if rebooting the WorkSpace doesn't resolve the issue, connect to the WorkSpace using Remote Desktop Connection (RDP).

  • If the WorkSpace is unreachable by RDP, rebuild the WorkSpace from the Amazon WorkSpaces console.
  • If you can connect to your WorkSpace, verify the following:

Verify CPU utilization

Open Task Manager to determine if the WorkSpace is experiencing high CPU utilization. If it is, try any of the following troubleshooting steps to resolve the issue:

  • Stop any service that is consuming high CPU
  • Resize the WorkSpace to a compute type greater than what is currently used
  • Reboot the WorkSpace

Note: To diagnose high CPU utilization, and for guidance if the above steps don't resolve your high CPU utilization issue, see How do I diagnose high CPU utilization on my EC2 Windows instance when my CPU is not throttled?

Verify the WorkSpace's computer name

If you changed the computer name of the WorkSpace, change it back to the original name.

  1. Open the Amazon WorkSpaces console, and then expand the Unhealthy WorkSpace to show details.
  2. Copy the Computer Name.
  3. Connect to the WorkSpace using RDP.
  4. Open a command prompt, and then enter hostname to view the current computer name.
    If the name matches the Computer Name from step 2, skip to the next troubleshooting section.
    If the names don’t match, enter sysdm.cpl to open system properties, and then follow the remaining steps in this section.
  5. Choose Change, and then paste the Computer Name from step 2.
  6. Enter your domain user credentials if prompted.

Confirm that SkyLightWorkspaceConfigService is in running state

From Services, verify if the WorkSpace service SkyLightWorkspaceConfigService is in running state. If it’s not, start the service.

Verify firewall rules

Confirm that Windows Firewall and any third-party firewall that is running have rules to allow the following ports:

  • Inbound TCP on port 4172: Establish the streaming connection.
  • Inbound UDP on port 4172: Stream user input.
  • Inbound TCP on port 8200: Manage and configure the WorkSpace.
  • Outbound UDP on port 55002: PCoIP streaming.

If your firewall uses stateless filtering, then open ephemeral ports 49152-65535 to allow return communication.

If your firewall uses stateful filtering, then ephemeral port 55002 is already open.