Shutdown initiated by CICS log manager

The CICS® log manager initiates a shutdown of the region if it encounters an error in the system log that indicates previously logged data has been lost. In addition to initiating the shutdown, the log manager informs the recovery manager of the failure, which causes the recovery manager to set the type-of-restart indicator to "no-restart-possible" and to issue message DFHRM0144. The result is that recovery during a subsequent restart is not possible and you can perform only an intial start of the region. To do this you are recommended to run the recovery manager utility program (DFHRMUTL) to force an initial start, using the SET_AUTO_START=AUTOINIT option.

During shutdown processing, existing transactions are given the chance to complete their processing. However, no further data is written to the system log. This strategy ensures that the minimum number of units of work are impacted by the failure of the system log. This is because:

Therefore, when the system has completed the log manager-initiated shutdown all (or most) units of work will have completed normally during this period and if there are no backout attempts, data integrity is not compromised.

Effect of problems with the system log

A key value of CICS is its ability to implement its transactional recovery commitments and thus safeguard the integrity of recoverable data updated by CICS applications. As explained earlier, this ability relies upon logging before-images and other information to the system log. However, it is possible (though very unlikely) that the system log itself may suffer software or hardware related problems. The system log function can suffer from failures in the CICS recovery manager, the CICS logger domain or the MVS™ system logger component. Although problems with these components are unlikely, it is important to understand the actions to take to minimise the impact of such problems.

As explained in Shutdown initiated by CICS log manager, the detection of loss of data from the system log leads to a shutdown of the CICS region. This minimizes the number of transactions that fail after a problem with the log is detected and therefore minimizes the data integrity exposure.

Any problem with the system log that indicates that it may not be able to access all the data previously logged invalidates the log. This means that you can perform only a diagnostic run or an initial start of the region to which the system log belongs.

Note:
The reason that a system log is completely invalidated by these kinds of error is that CICS can no longer rely on the data it previously logged being available for recovery processing. For example, the last records logged might be unavailable, and therefore recovery of the most recent units of work cannot be carried out. However, data might be missing from any part of the system log and it is impossible for CICS to identify what is missing. CICS cannot examine the log and determine exactly what data is missing, because the log data may appear self-consistent even when CICS has detected that some data is missing.

Another class of problem with the system log is that which does not indicate any loss of data (for example, access to the logstream was lost due to termination of the MVS system logger address space). This class of problem causes an immediate termination of CICS because there is a reasonable expectation that a subsequent emergency restart will be successful when the cause of the problem has been resolved.

For information about how to deal with system log problems, see the CICS Problem Determination Guide.

[[ Contents Previous Page | Next Page Index ]]