Re: Time allowed for service shutdown
From: Gary Chanson (gchanson_at_No.Spam.TheWorld.net)
Date: 03/13/04
- Previous message: Gary Chanson: "Re: DLL initialization time"
- In reply to: Martin Kochanski: "Time allowed for service shutdown"
- Next in thread: Martin Kochanski: "Re: Time allowed for service shutdown"
- Reply: Martin Kochanski: "Re: Time allowed for service shutdown"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 13 Mar 2004 11:30:18 -0500
"Martin Kochanski" <nothing@nobody.net> wrote in message
news:4052FEBC.200A52D7@nobody.net...
> I note that it isn't possible for a system service to take as much time
> as it needs when shutting down.
>
> During a system shutdown, the SCM asks the service to stop, and the
> service (if it is taking a long time stopping) can tell the SCM from
> time to time "it's OK, don't worry, I really am shutting down". However,
> the SCM itself is only allowed to take WaitToKillServiceTimeout
> milliseconds before it is terminated.
>
> BUT (as quoted from Inside Windows 2000): "After the SCM has directed
> services to shut down and is waiting for the services to exit, CSRSS
> waits for the SCM to exit. If the WaitToKillServicesTimeout expires
> before the SCM exits, CSRSS simply leaves running those services... that
> fail to shut down in a timely manner as the system shuts down.
> Unfortunately, administrators have no way of knowing whether they should
> raise the WaitToKillServicesTimeout value on systems on which services
> are not getting a chance to completely shut down before the system shuts
> down".
>
> I'm working on a database manager service which batches and delays index
> requests in order to improve performance. Most of the time it will shut
> down very fast indeed, but if it happens to be caught with a million
> index requests in its buffer, it could take a minute or two for the
> indexing to be performed. According to the above description, Windows
> will halt this process halfway through and leave the databases in a
> corrupted state.
>
> I have read the earlier thread ("System Shutdown Logic Documentation",
> 22-Aug-2003) and I understand the reasoning behind Microsoft's design
> decision. What I'm wondering is how (a) software developers and (b)
> users actually deal with this problem in the real world.
>
> From the developer side, I'm thinking of setting a flag in the database,
> at the start of shutdown, to say "this database index is corrupted
> because Windows terminated the service too soon", then doing the
> indexing, then unsetting the flag. This at least means that we can
> detect when the problem occurs. What do other people think of this idea?
>
> From the user side, things are more difficult. You could imagine a
> conversation between a system manager and a software developer that goes
> something like this:
>
> MANAGER: I keep getting these messages saying Windows shut down too
> soon. What do I do about them?
> DEVELOPER: Increase WaitToKillServiceTimeout.
> MANAGER: To what value?
> DEVELOPER: No-one knows.
> MANAGER: !!!!!!!
>
> So - how *do* developers explain to users how to stop their shiny new
> Windows box from corrupting their data?
It's possibly even worse than this. There have been reports that the
SCM timeout is hardwired and raising WaitToKillServiceTimeout is
ineffective.
The proper way to deal with this is not to allow the situation to occur
in the first place. The manager can't prevent the corruption and the
developer should fix his program so that it can't happen.
--
-GJC [MS Windows SDK MVP]
-Software Consultant (Embedded systems and Real Time Controls)
- http://www.mvps.org/ArcaneIncantations/consulting.htm
-gchanson@mvps.org
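Added example (not code from either poster or from the thread): the shape of "fix the program so it can't happen" for the batched indexer Martin describes. Requests are journalled to disk before they are acknowledged, and the index is only ever replaced atomically together with the sequence number of the last request it reflects, so being terminated at any point leaves a consistent index plus a replayable backlog. The file names, record layout and the `kill_after_batches` switch that stands in for the SCM/CSRSS terminating the process are this example's own choices; the Windows service plumbing (SERVICE_STOP_PENDING reports, wait hints) is left out.

```python
"""Crash-safe batched indexing: journal first, apply in batches, checkpoint
atomically. Constructed example; file names and formats are assumptions."""
import json
import os
import tempfile


class CrashSafeIndexer:
    """index.journal: append-only JSON lines, each with a rising "seq".
    index.json: the index plus "applied_seq", replaced atomically."""

    def __init__(self, directory, batch_size=3):
        self.journal_path = os.path.join(directory, "index.journal")
        self.index_path = os.path.join(directory, "index.json")
        self.batch_size = batch_size
        self.index = self._load_index()
        # Continue past both journal and checkpoint so truncating a fully
        # applied journal never reuses a sequence number.
        self.next_seq = max(self._last_journal_seq(),
                            self.index["applied_seq"]) + 1

    def _load_index(self):
        if not os.path.exists(self.index_path):
            return {"applied_seq": 0, "terms": {}}
        with open(self.index_path) as f:
            return json.load(f)

    def _read_journal(self):
        if not os.path.exists(self.journal_path):
            return []
        records = []
        with open(self.journal_path) as f:
            for line in f:
                try:
                    records.append(json.loads(line))
                except json.JSONDecodeError:
                    break  # torn last line from a crash mid-append; drop it
        return records

    def _last_journal_seq(self):
        return max((r["seq"] for r in self._read_journal()), default=0)

    def submit(self, doc_id, terms):
        """Acknowledge a request only once it is durably journalled."""
        rec = {"seq": self.next_seq, "doc": doc_id, "terms": list(terms)}
        with open(self.journal_path, "a") as f:
            f.write(json.dumps(rec) + "\n")
            f.flush()
            os.fsync(f.fileno())
        self.next_seq += 1
        return rec["seq"]

    def pending(self):
        """Journal entries the checkpointed index does not yet contain."""
        applied = self.index["applied_seq"]
        return [r for r in self._read_journal() if r["seq"] > applied]

    def _checkpoint(self):
        # Temp file + fsync + rename: the next start sees the old index or
        # the new one, never a half-written file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.index_path))
        with os.fdopen(fd, "w") as f:
            json.dump(self.index, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.index_path)

    def drain(self, kill_after_batches=None):
        """Apply pending requests batch by batch, checkpointing after each.
        kill_after_batches simulates termination mid-drain: stop, no cleanup.
        Returns True if the whole backlog was applied."""
        pending = self.pending()
        for n, start in enumerate(range(0, len(pending), self.batch_size)):
            if kill_after_batches is not None and n >= kill_after_batches:
                return False
            for rec in pending[start:start + self.batch_size]:
                for term in rec["terms"]:
                    docs = self.index["terms"].setdefault(term, [])
                    if rec["doc"] not in docs:  # replay is idempotent
                        docs.append(rec["doc"])
                self.index["applied_seq"] = rec["seq"]
            self._checkpoint()
        return True

    def truncate_journal(self):
        """Safe only when nothing is pending; keeps the journal bounded."""
        if not self.pending():
            open(self.journal_path, "w").close()


def simulate_kill_and_recover(directory=None, batch_size=2):
    """Shutdown killed after one batch, then a fresh start from disk only."""
    directory = directory or tempfile.mkdtemp()
    svc = CrashSafeIndexer(directory, batch_size)
    for doc, terms in [(1, ["alpha"]), (2, ["alpha", "beta"]), (3, ["gamma"]),
                       (4, ["beta"]), (5, ["delta"])]:  # constructed input
        svc.submit(doc, terms)
    finished = svc.drain(kill_after_batches=1)  # "terminated" here
    restarted = CrashSafeIndexer(directory, batch_size)  # next boot
    still_pending = len(restarted.pending())
    restarted.drain()
    restarted.truncate_journal()
    return finished, still_pending, restarted.index


if __name__ == "__main__":
    finished, still_pending, index = simulate_kill_and_recover()
    print("clean finish:", finished, "replayed on restart:", still_pending)
    print(json.dumps(index, indent=2))
```

With this layout the outcome no longer depends on WaitToKillServiceTimeout at all, which matters given the reports that the value may not be honoured. Martin's "corrupted" flag is subsumed: a non-empty backlog at start-up is the evidence that the previous shutdown was cut short, and the response is a replay rather than a warning the administrator cannot act on.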