Troubleshooting a Windows WorkSpace marked as unhealthy - Best Practices for Deploying WorkSpaces

Troubleshooting a Windows WorkSpace marked as unhealthy

The Amazon WorkSpaces service periodically checks the health of a WorkSpace by sending it a status request. The WorkSpace is marked as Unhealthy if a response isn’t received from the WorkSpace in a timely manner. Common causes for this problem are:

  • An application on the WorkSpace is blocking network connection between the Amazon WorkSpaces service and the WorkSpace.

  • High CPU utilization on the WorkSpace.

  • The computer name of the WorkSpace is changed.

  • The agent or service that responds to the Amazon WorkSpaces service isn't in running state.

The following troubleshooting steps can return the WorkSpace to a healthy state:

Verify CPU utilization

Use Open Task Manager to determine if the WorkSpace is experiencing high CPU utilization. If it is, try any of the following troubleshooting steps to resolve the issue:

  1. Stop any service that is consuming a high amount of CPU.

  2. Resize the WorkSpace to a compute type greater than what is currently used.

  3. Reboot the WorkSpace.


To diagnose high CPU utilization, and for guidance if the above steps don't resolve the high CPU utilization issue, refer to How do I diagnose high CPU utilization on my EC2 Windows instance when my CPU is not throttled?

Verify the computer name of the WorkSpace

If the computer name of the Workspace was changed, change it back to the original name:

  1. Open the Amazon WorkSpaces console, and then expand the Unhealthy WorkSpace to show details.

  2. Copy the Computer Name.

  3. Connect to the WorkSpace using RDP.

  4. Open a command prompt, and then enter hostname to view the current computer name.

    1. If the name matches the Computer Name from step 2, skip to the next troubleshooting section.

    2. If the names don’t match, enter sysdm.cpl to open system properties, and then follow the remaining steps in this section.

  5. Choose Change, and then paste the Computer Name from step 2.

  6. Enter the domain user credentials if prompted.

  7. Confirm that SkyLightWorkspaceConfigService is in Running State

    1. From Services, verify that the WorkSpace service SkyLightWorkspaceConfigService is in running state. If it’s not, start the service.

Verify Firewall rules

Confirm that the Windows Firewall and any third-party firewall that is running have rules to allow the following ports:

  • Inbound TCP on port 4172: Establish the streaming connection.

  • Inbound UDP on port 4172: Stream user input.

  • Inbound TCP on port 8200: Manage and configure the WorkSpace.

  • Outbound UDP on port 55002: PCoIP streaming.

If the firewall uses stateless filtering, then open ephemeral ports 49152-65535 to allow return communication.

If the firewall uses stateful filtering, then ephemeral port 55002 is already open.