How do I troubleshoot black screen and white screen issues in WorkSpaces?

3 minute read

My Amazon WorkSpaces client connection fails after client authentication was successful with a black screen or a white screen. Why does this happen and how can I troubleshoot the issue?

Short description

After authenticating your Amazon WorkSpaces client, problems with connectivity might cause the following issues:

  • A white screen that appears along with a “Disconnected” message. This issue is typically the result of blocked inbound traffic between a WorkSpace and a client device.
  • A black screen that appears while connecting. This typically indicates an interruption in the UDP stream from Amazon WorkSpaces to a client device. This often occurs when the outbound UDP stream on ports 50002 and 55002 is not allowed on the client side.


To resolve connectivity issues that result in a white screen or a black screen, perform the following steps.

Verify inbound and outbound traffic

Make sure that inbound and outbound streaming protocol traffic is allowed between the WorkSpaces streaming gateways and the client device.

On your local device, validate your networking and access settings depending on your setup:

Verify local firewall settings

On your local device, make sure that your firewall and any other security applications aren’t blocking the streaming protocol traffic.

If your firewall uses stateless filtering, then open ephemeral ports 49152–65535 to allow for return communication. If your firewall uses stateful filtering, then the ephemeral ports 50002 and 55002 are automatically open to allow for return communication.

Verify WorkSpace firewall settings

Use Remote Desktop Protocol (RDP) to sign in to your WorkSpace as a user or the domain administrator. In your WorkSpace, make sure that your firewall and security applications aren’t blocking the streaming protocol traffic that’s flowing through your management network’s network adapter.

Verify WorkSpaces traffic settings

In the WorkSpaces console, verify that your WorkSpaces security groups allow the necessary traffic. Customized security group rules might cause traffic interruptions.

Verify WorkSpaces streaming traffic settings

Use RDP to sign in to the WorkSpace IP from another WorkSpace or from an Amazon Elastic Compute Cloud (Amazon EC2) instance in the WorkSpaces subnet.

Note: You can find the WorkSpace IP in the WorkSpaces console.

Confirm with your network team that streaming protocol traffic is allowed through the network devices and the infrastructure.

Confirm communication between the client device and a streaming gateway by using a tool, such as WireShark, to capture traffic.

Related information

Ports for client applications

Control traffic to resources using security groups

AWS OFFICIALUpdated a year ago