Resolve health check failures

Last Updated: Feb 12, 2018

If a backend ECS instance is declared as unhealthy by the health check, Server Load Balancer (SLB) stops distributing requests to the unhealthy ECS instance. SLB will then distribute requests to other healthy ECS instances and will again distribute requests to this ECS instance when it becomes healthy.

For the Layer-7 SLB, use these techniques to troubleshoot the backend ECS instance if its health check is detected abnormal:

  • Check whether you can access the application service through the backend ECS instance directly.

  • Check whether the port opened on the backend server is the same as that configured in the listener.

  • Check whether the backend ECS instance has installed a firewall or other security protection software, blocking the IP address of SLB. The SLB system cannot communicate with the backend server if its IP address is blocked.

  • Check whether the health check configurations of SLB are correct. We recommend that you use the default values.

  • Check whether the web page used for the health check is a static page. If it is not the default home page of the backend ECS instance, you have to specify the URL of the web page in health check configurations. We recommend that you use a simple HTML page for health checks used only for checking the returned results. We recommend that you do not use dynamic scripting languages such as php.

  • Check whether there is a large load on the backend ECS instance. A large load may lower the response speed of the instance.

Follow these steps to check if any backend ports are open:

  1. Check whether a port is being listened.

    Assume that the frontend port of SLB is 80, the backend port on the ECS instance is 80, and the intranet IP address of the ECS instance is Run the following command on the server. If you can see the listening information of or, then the port is being listened.

    • For Windows system: netstat -ano | findstr :80

    • For Linux system: netstat -anp | grep :80

  2. Check whether the intranet firewall of the server allows port 80. You can temporarily close the firewall for testing. Run the following command to close the firewall:

    • For Windows system: firewall.cpl

    • For Linux system: /etc/init.d/iptables stop

  3. Check whether the backend port is normal.

    • For Layer-4 SLB, use telnet to test. The port is normal if there is a response. For example, run telnet 80.

    • For Layer-7 SLB, the HTTP status code must be a status code indicating the normal status, such as 200. Follow these methods to check:

      • For Windows systems: Enter the intranet IP address in the browser of the backend ECS instance to check whether the backend ECS instance can provide services over the intranet. In this example, the intranet IP address is:

      • For Linux systems: Use the curl -I command to check whether the response is HTTP/1.1 200 OK. In this example, the curl -I command is: curl -I

Thank you! We've received your feedback.