javaoracle-databasejdbctomcat6ora-01017

Oracle JDBC : invalid username/password (ora-01017)


I have a strange problem with jdbc connection to an oracle database server.

We've applications on a tomcat server running. These application use an oracle database. All applications use the same credentials.

Applications running fine the whole day. At night there is no activity. In the morning we get a few (2 or 3) ORA-01017 (invalid username/password) errors when the applications trying to reconnect themselves to the database.

Then reconnection works and the applications will operate normal.

This works for some days (around 5 days) and then one or more of the application block! All reconnection attempts fail.

We've traced network communication and found that if the connection fails with ORA-01017 NO CREDENTIALS where sent.

Of course no one touches the system at night.

One attempt for a workaround is that we restart the tomcat server every morning at 6 o'clock to clean up every connection cache or pool. It does not help.

Whats wrong? Any ideas?

The continued 5 day interval in the appearance of a total blockage (while restating every day) looks very strange to me.

Config :

Database Oracle 10.2, JDBC Driver 11.2 thin, tomcat 6.0.24, JDK 6, OS is windows, some of the applications are Dialogs for the Avaya Voice Portal 5.0.

Our own (non VP) applications use simple Connections (no pooling).


The system was originally setup on a Windows 2003 server with a WAN between apserver and tomcat server.

The system is now migrated to a linux (CentOS) server near the database server and works fine. No ORA-01017 anymore.


Solution

  • Odd. Some ideas:

    1. Log the user name and password for a few days just to make sure they are correct. Some bug in the code might overwrite a value that you don't expect.

    2. Consider to use JNDI with a connection pool provided by Tomcat. DBCP has some really advanced options to check whether a connection is still alive and how to reconnect it. After that, you shouldn't see any connection related issues in your logs anymore. This would also improve security because none of the apps need to know the DB password anymore.

    3. It might be a problem with resource leaks (happens if an app never returns the connection) but I'd expect a different error message, then.

    4. Some databases (DB2, H2) allow to create views that make remote tables from other databases visible like local tables. Not sure whether Oracle supports this but if it does, then maybe the user name/password for this remote table is wrong.

    Also consider the points in this blog post: Oracle ORA-01017 tips

    At first glance, nothing in the post could cause your problems but maybe some script is manipulating the tnsnames.ora (for example distributing a new copy).

    Or the DBA disabled all users for the time of the daily backup.