This post just contains a couple of my own notes setting up Maximo with a Load Balancer which I learnt the hard way:
Property mxe.system.useLoadBalancer
This setting should be set to 1. If not enabled, Maximo thinks the IP address of the Load Balancer’s IP is the client’s and blocks it when the number of requests exceeds a certain threshold (by default is 50 per 3 seconds). For more details about the IP blocking function, refer to this previous post Maximo 7.6. feature – Denial of Service attack
Load Balancer session timeout
I recently worked with a client who set up Citrix NetScaler as the LB for Maximo. Its default session timeout is 2 minutes. A load balancer (LB) should have session stickiness, meaning it should keep forwarding all requests from one user to the same Maximo application server throughout the whole user’s session. When the LB session times out while Maximo session is still active, a new request from the same user will be directed to a new application server that doesn’t manage the current active Maximo session, it forces the user back to the login screen.
To fix this, we need to increase the LB session timeout to be more than the timeout setting in Maximo (by default, it’s 30 minutes).
Please note: if you have LDAP integration, the LTPA token is a different login session maintained by Websphere and is not related to this. LTPA token will expire after a fixed duration from logging in regardless of whether the user is active or not. This caused the users to be randomly logged out. Thus, I usually set LTPA token timeout to a very high value (e.g. 10-15 hours)
Property mxe.int.webappurl
if Maximo is only accessible via the LB’s URL, we should update the few webappurl properties pointing to that URL. If the URL values set there are wrong, it leads to an incorrect URL returned in the integration responses. This in turn can lead to error BMXAA5798E when deploying Web Services or generating XML schemas. We can set the mxe.int.verifywebappurl to 0 to avoid the issue when generating XML Schema
Websphere rewriting port 80/443 to application server ports 9080/9443
If the Load Balancer is set up to distribute load directly to the application servers
without the HTTP Webserver sitting in between, you can get this issue. To fix this, for each application server (JVM), add two Web Container custom properties below and set them to True:
- com.ibm.ws.webcontainer.extractHostHeaderPort
- Trusthostheaderport
Missing integration message due to Load Balancer’s Maintenance Page
During the maintenance window of the external application’s servers (e.g. software patching), if Load Balancer is set to display a maintenance page, and the HTTP Response Status Code of the page is 2xx, any integration message Maximo sent to the server via the LB shall be marked as successful while the target system never receives them. This can cause missing data in the target system. Refer to this post for more details: The curious case of the MIA work orders
Leave a Reply
You must be logged in to post a comment.