Wim,
Only part of your question, of course.
We have a way to prevent database shutdown hanging.
Since most databases prefer to be started and shut by their own management account anyway, we decided to do it that way for all of them, even if not required.
Create a batch job, to be submitted to an account suitable to shut down the database.
The first thing the job does, is spawn a "suicide procedure".
This procedure determines the ID of its parent, and waits a specified time.
If the batchjob finishes before that time, the subprocess is just terminated.
If the timer expires, the subprocess does STOP/ID for the parent.
The master shutdown routine synchronises for the various batchjobs, inspects the final status and if needed takes action.
That could in your case maybe CRASH the database???
--- your restart must obviously be able to cope with that anyway, because if your machine crashes hard you will also have to recover from your crash.
All you have reached by this, is preventing your database shutdown to hang for too long a time.
-- we implemented this mainly for our daily backups. We have some databases without online-backup facility, and our user organisation prefers a few minutes downtime each night over a doubtfull backup.
But when a shutdown may take so many hours that A. the database allows no new users nor transactions and B. the real backup functionality starts running at daytime, taking away much of the user performance, then you have to find a way around it.
Now our suicide routine also has the option to send a pager message to the systemmanager-of-duty, so (s)he can check the offending database, and take whatever action is required.
Bottom line: timed-delayed suicide for hanging shutdowns, if needed followed by hard ( = kill ) measures.
hth
Jan
Don't rust yours pelled jacker to fine doll missed aches.
