Restarting an application server in recovery mode

When an application server instance with active transactions in progress restarts after a failure, the transaction service uses recovery logs to complete the recovery process. These logs, which each transactional resource maintains, are used to rerun any InDoubt transactions and return the overall system to a self-consistent state.

 

About this task

When you restart an application server in recovery mode:

• Transactional resources complete the actions in their recovery logs and then shut down. This action frees up any resource locks that the application server held prior to the failure.
• During the recovery period, only the subset of application server functions that are necessary for transactional recovery to proceed are available.
• The application server does not accept new work during the recovery process.
• The application server shuts down when the recovery is complete.

This recovery process begins as soon as all of the necessary subsystems within the application server are available. If the application server is not restarted in recovery mode, the application server can start accepting new work as soon as the server is ready, which might occur before the recovery work has completed.

Normally, this process is not a problem. However, situations exist when your operating procedures might not be compatible with supporting recovery work and new work simultaneously. For example, you might have a high availability environment where the work handled by the application server that failed is immediately moved to another application server. This backup application server then exclusively processes the work from the application server that failed until recovery has completed on the failed application server and the two application servers can be re-synchronized. In this situation, you might want the failing application server to only perform its transactional recovery process and then shut down. You might not want this application server to start accepting new work while the recovery process is taking place.

To prevent the assignment of new work to an application server that is going through its transaction recovery process, restart the application server in recovery mode.

When you restart a failed application server, the node agent for the node on which the failed application server resides must be running before we can restart that application server.

If you want to be able restart an application server in recovery mode, perform the following steps before a failure occurs, and then restart the application server to enable your configuration changes:

 

Procedure

• If the server is monitored by a node agent, clear the Automatic restart option for that server. Clearing this option prevents the node agent from automatically restarting the server in normal mode, before you have a chance to start it in recovery mode.
  1. In the administrative console, click Servers > Application Servers > server_name.
  2. Under Server Infrastructure, click Java and Process Management > Process Definition > Monitoring Policy.
  3. Clear the Automatic restart option.
• If a catastrophic failure occurs that leaves InDoubt transactions, issue the startServer server_name -recovery command from the command line. This command restarts the server in recovery mode. You must issue the command from the install_root/bin directory.

 

Results

The application server restarts in recovery mode, performs transactional recovery, and shuts down. Any resource locks that the application server held prior to the failure are released.

Related concepts
Transactional high availability

Related tasks
Starting an application server

Related information
Starting servers using scripting startServer command

 

---

 

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.