This guide helps identify and resolve health check failures when using CloudPe Load Balancers.
1. OS-Level Checks
1.1 Confirm Application/Service Is Running
Linux
systemctl status <service-name>
systemctl restart <service-name>
ss -tulnp | grep <port>
Windows
- Open Services.msc and ensure the service is Running
netstat -ano | findstr <port>
tasklist /FI "PID eq <pid>"
1.2 Test the Health Endpoint Locally
Linux
curl -I http://localhost:<port>/<health-path>
curl http://127.0.0.1:<port>/<health-path>
Windows (PowerShell)
Invoke-WebRequest -Uri http://localhost:<port>/<health-path> -UseBasicParsing
✔ The health endpoint must return HTTP 200–299 for HTTP/HTTPS health checks.
1.3 Check OS Firewall and Cloud Security Rules
Linux
sudo firewall-cmd --list-all # CentOS/RHEL/firewalld
sudo ufw status # Ubuntu with UFW
sudo iptables -L -n # iptables
Windows
Get-NetFirewallRule | Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } | Format-Table DisplayName,Profile,Action
1.4 Confirm the Application Is Listening on the Private Interface
If the application is bound to 127.0.0.1, the Load Balancer cannot reach it.
It must listen on 0.0.0.0 or the VM’s private IP.
Linux
ss -tulnp | grep <port>
# or
netstat -tulnp | grep <port>
1.5 Direct Connectivity Test (From Another Internal VM)
curl http://<backend-private-IP>:<port>/<health-path>
telnet <backend-private-IP> <port>
nc -vz <backend-private-IP> <port> # Linux
❗ If direct access fails — fix the backend app / firewall / OS.
The Load Balancer cannot succeed if direct connectivity does not work.
1.6 Check Logs and Errors
Linux
journalctl -u <service-name> -n 200
tail -n 200 /var/log/messages
tail -n 200 /var/log/nginx/error.log # or /var/log/httpd/error_log
Windows
- Event Viewer → Application / System
- IIS Logs:
C:\inetpub\logs\LogFiles
1.7 Resource Checks (CPU / RAM / Disk)
Linux
top
free -m
df -h
Windows
- Task Manager → CPU / Memory / Disk
2. CloudPe Load Balancer-Level Checks
2.1 Verify Health Check Settings
Ensure the health check matches your backend application:
- Protocol: TCP / HTTP / HTTPS
- Port: must match backend service port
- Path (HTTP/HTTPS): must return 200–299
- Timeout / Interval / Thresholds:
| Setting | Recommended |
|---|---|
| Interval | 10 s |
| Timeout | 5 s |
| Healthy Threshold | 3 |
| Unhealthy Threshold | 3 |
2.2 Confirm Backend Pool Membership & IPs
Verify:
- Correct backend VM(s) attached
- Correct private IP selected (especially if VM has multiple NICs)
- Correct backend port configured
2.4 Firewall / Security Group at Load Balancer Side
Make sure backend firewall/security group rules allow inbound traffic from the Load Balancer’s private IP range on the health check port.
If the LB cannot reach the backend due to firewall restrictions, the health checks will always fail.