The status of my Amazon WorkSpaces Linux WorkSpace is Unhealthy.
Short description
WorkSpaces periodically sends a health status request to each WorkSpace to check the health of the WorkSpace. If WorkSpaces doesn't receive a response from the WorkSpace, then the WorkSpace status changes to Unhealthy.
The following issues can cause the status to change to Unhealthy:
- The WorkSpace computer name changed and you didn't reboot the WorkSpace.
- The WorkSpace is consistently using high CPU.
- The agent or service that responds to WorkSpaces isn't running, or the management interface (ETH0) is turned off.
- An Amazon DCV or PCoIP service isn't running.
- Antivirus software is blocking WorkSpaces components.
- An application on the WorkSpace is blocking the network connection between WorkSpaces and the WorkSpace on the management interface.
Resolution
Use CloudWatch metrics to review your WorkSpaces
To help you determine the cause, review the CPUUsage, MemoryUsage, and Unhealthy WorkSpaces metrics in Amazon CloudWatch.
Reboot the WorkSpace
Reboot the WorkSpace. If a reboot doesn't resolve the issue, then use SSH to connect to the WorkSpace.
Note: By default, SSH is turned off on Ubuntu and Red Hat Enterprise Linux (RHEL) WorkSpaces. To use SSH, turn on SSH for your Ubuntu or RHEL WorkSpace.
If you can't use SSH to connect to your WorkSpace, then proceed to the Restore or rebuild the WorkSpace section.
Check for high CPU
Check whether your Amazon Elastic Compute Cloud (Amazon EC2) Linux instance has high CPU utilization.
Check that the management and customer interfaces are running
To check for active interfaces, run the following command:
sudo ifconfig
To check all available interfaces, run the following command:
sudo ip link show
If an interface isn't running, then run the following command to activate the interface:
sudo ifconfig ethernet-name up
Note: Replace ethernet-name with your Ethernet name.
Confirm that the WorkSpaces services are running and responsive
Use SSH to connect to the WorkSpace. Then, run the commands for your service to check the service's status.
Ubuntu or RHEL WorkSpace:
sudo systemctl status skylight-agent.service
sudo systemctl status wspdcvhostadapter.service
sudo systemctl status dcvserver.service
Amazon Linux 2 WorkSpace:
sudo systemctl status skylight-agent.service
sudo systemctl status pcoip.service
If the service is in the Stopped state, then run the commands for your service to start the service.
Ubuntu or RHEL WorkSpace:
sudo systemctl start skylight-agent.service
sudo systemctl start wspdcvhostadapter.service
sudo systemctl start dcvserver.service
Amazon Linux 2 WorkSpace:
sudo systemctl start skylight-agent.service
sudo systemctl start pcoip.service
If the services are running, then run the command for your service to check the status of the service ports.
Skylight:
sudo netstat -tulpn | grep skylight
DCV services that use Ubuntu and RHEL:
sudo netstat -ntpla | grep dcv
PCoIP services that use Amazon Linux 2:
sudo netstat -ntpla | grep pcoip
The status for each service must be LISTEN.
Example:
sudo netstat -ntpla | grep dcv
tcp 0 0 127.0.0.1:8290 0.0.0.0:* LISTEN 1058/wspdcvhostadap
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 1058/wspdcvhostadap
tcp 0 0 198.19.129.139:8220 0.0.0.0:* LISTEN 1073/dcvserver
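The following script is an added example, not part of the original article or an AWS tool. It automates the LISTEN check above by reading netstat -ntpla output and reporting, for each expected process, the addresses it listens on or that no listening socket was found. The function name check_listeners is hypothetical, and the sample input is the example output above.

```shell
#!/bin/sh
# Added example: report whether each expected WorkSpaces process owns a
# TCP socket in the LISTEN state, reading `netstat -ntpla` output on stdin.
# On a WorkSpace (root is needed to see the PID/Program column):
#   sudo netstat -ntpla | check_listeners dcvserver wspdcvhostadap
check_listeners() {
    # Arguments are substrings of the PID/Program column, matched the
    # same way the article's `grep dcv` does. netstat truncates long
    # program names, so pass the truncated form (wspdcvhostadap).
    awk -v names="$*" '
        BEGIN { n = split(names, want, " ") }
        # Columns: proto recv-q send-q local foreign state pid/program
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            for (i = 1; i <= n; i++)
                if (index($7, want[i]))
                    found[want[i]] = found[want[i]] " " $4
        }
        END {
            missing = 0
            for (i = 1; i <= n; i++) {
                if (want[i] in found)
                    printf "OK      %s%s\n", want[i], found[want[i]]
                else {
                    printf "MISSING %s\n", want[i]
                    missing++
                }
            }
            # Non-zero exit status when any expected listener is absent.
            exit (missing > 0)
        }'
}

# Sample input: the example netstat output shown in this article.
SAMPLE_NETSTAT='tcp 0 0 127.0.0.1:8290 0.0.0.0:* LISTEN 1058/wspdcvhostadap
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 1058/wspdcvhostadap
tcp 0 0 198.19.129.139:8220 0.0.0.0:* LISTEN 1073/dcvserver'

# Demo run against the sample; both processes are reported as OK.
printf '%s\n' "$SAMPLE_NETSTAT" | check_listeners dcvserver wspdcvhostadap
```

The listed addresses also show which interface each service is bound to, which helps when you compare the output against your firewall rules.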
Verify your WorkSpaces configuration
Verify that endpoint protection software, such as antivirus or anti-malware software, allows the required WorkSpaces service components. Also, verify that an application or VPN isn't blocking your management adapter. Then, check your WorkSpace connectivity.
Use the /var/lib/skylight/tls.cert file path to verify that the Skylight certificate is in the Linux certificate store.
Note: This file location is the same for all Linux distributions.
Verify firewall rules
The firewall must allow listed traffic on the management network interface. Also, verify that the operating system (OS) firewall or third-party firewall has rules to allow the required ports.
Restore or rebuild the WorkSpace
If you can't use SSH to connect to the WorkSpace, then restore the WorkSpace to the latest snapshot. If the WorkSpace is still unhealthy, then rebuild the WorkSpace.
You can use the AWS Command Line Interface (AWS CLI) to reboot, restore, or rebuild the WorkSpace.
Note: If you receive errors when you run AWS CLI commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
If none of the preceding troubleshooting steps resolve your issue, then collect the client-side logs and open an AWS Support case.
Related information
IP address and port requirements for WorkSpaces Personal
Turn on self-service WorkSpace management capabilities for your users in WorkSpaces Personal
How do I troubleshoot a Windows WorkSpace that's marked as unhealthy?