How do I troubleshoot a Linux WorkSpace that's in the Unhealthy state?

4 minute read
0

The status of my Amazon WorkSpaces Linux WorkSpace is Unhealthy.

Short description

WorkSpaces periodically sends a health status request to each WorkSpace to check the health of the WorkSpace. If WorkSpaces doesn't receive a response from the WorkSpace, then the WorkSpace status changes to Unhealthy.

The following issues can cause the status to change to Unhealthy:

  • The WorkSpace computer name changed and you didn't reboot the WorkSpace.
  • The WorkSpace is consistently using high CPU.
  • The agent or service that responds to WorkSpaces isn't running, or the management interface (ETH0) is turned off.
  • An Amazon DCV or PCoIP service isn't running.
  • Antivirus software is blocking WorkSpaces components.
  • An application on the WorkSpace is blocking the network connection between WorkSpaces and the WorkSpace on the management interface.

Resolution

Use CloudWatch metrics to review your WorkSpaces

To help you determine the cause, review the CPUUsage, MemoryUsage, and Unhealthy WorkSpaces metrics in Amazon CloudWatch.

Reboot the WorkSpace

Reboot the WorkSpace. If a reboot doesn't resolve the issue, then use SSH to connect to the WorkSpace.

Note: By default, SSH is turned off on Ubuntu and Red Hat Enterprise Linux (RHEL) WorkSpaces. To use SSH, turn on SSH for your Ubuntu or RHEL WorkSpace.

If you can't use SSH to connect to your WorkSpace, then proceed to the Restore or rebuild the WorkSpace section.

Check for high CPU

Check whether your Amazon Elastic Compute Cloud (Amazon EC2) Linux instance has high CPU utilization.

Check that the management and customer interfaces are running

To check for active interfaces, run the following command:

sudo ifconfig

To check all available interfaces, run the following command:

sudo ip link show

If an interface isn't running, then run the following command to activate the interface:

sudo ifconfig ethernet-name up

Note: Replace ethernet-name with your Ethernet name.

Confirm that the WorkSpaces services are running and responsive

Use SSH to connect to the WorkSpace. Then, run the commands for your service to check the service's status.

Ubuntu or RHEL WorkSpace:

sudo systemctl status skylight-agent.service 
sudo systemctl status wspdcvhostadapter.service
sudo systemctl status dcvserver.service

Amazon Linux 2 WorkSpace:

sudo systemctl status skylight-agent.service 
sudo systemctl status pcoip.service

If the service is in the Stopped state, then run the commands for your service to start the service.

Ubuntu or RHRL WorkSpace:

sudo systemctl start skylight-agent.service
sudo systemctl start wspdcvhostadapter.service
sudo systemctl start dcvserver.service

Amazon Linux 2 WorkSpace:

sudo systemctl start skylight-agent.service 
sudo systemctl start pcoip.service

If the services are running, then run the command for your service to check status of the service ports.

Skylight:

sudo netstat -tulpn | grep skylight

DCV services that use Ubuntu and RHEL:

sudo netstat -ntpla |grep dcv

PCoIP services that use Amazon Linux 2:

sudo netstat -ntpla |grep pcoip

The status for each service must be LISTEN.

Example:

sudo netstat -ntpla |grep dcv
tcp 0 0 127.0.0.1:8290 0.0.0.0:* LISTEN 1058/wspdcvhostadap
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 1058/wspdcvhostadap
tcp 0 0 198.19.129.139:8220 0.0.0.0:* LISTEN 1073/dcvserver

Verify your WorkSpaces configuration

Verify that endpoint protection software, such as antivirus or anti-malware software, allows the required WorkSpaces service components. Also, verify that an application or VPN isn't blocking your management adapter. Then, check your WorkSpace connectivity.

Use the /var/lib/skylight/tls.cert file path to verify that the Skylight certificate is in the Linux certificate store.

Note: This file location is same for all Linux distributions.

Verify firewall rules

The firewall must allow listed traffic on the management network interface. Also, verify that the operating system (OS) firewall or third-party firewall has rules to allow the required ports.

Restore or rebuild the WorkSpace

If you can't use SSH to connect to the WorkSpace, then restore the WorkSpace to the latest snapshot. If the WorkSpace is still unhealthy, then rebuild the WorkSpace.

You can use the AWS Command Line Interface (AWS CLI) to reboot, restore, or rebuild the WorkSpace.

Note: If you receive errors when you run AWS CLI commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

If none of the preceding troubleshooting steps resolve your issue, then collect the client-side logs and open an AWS Support case.

Related information

IP address and port requirements for WorkSpaces Personal

Turn on self-service WorkSpace management capabilities for your users in WorkSpaces Personal

How do I troubleshoot a Windows WorkSpace that's marked as unhealthy?

AWS OFFICIAL
AWS OFFICIALUpdated 12 days ago