Error: "ORA-28000: the account is locked" in Symantec DLP Enforce
search cancel

Error: "ORA-28000: the account is locked" in Symantec DLP Enforce

book

Article ID: 160068

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

One of these messages appears in Symantec Data Loss Prevention (DLP) Enforce.

  • Oracle Protect account locked. 
  • Oracle Alert log: “ORA-28000: the account is locked"
  • IncidentPersister0.log Or MonitorController0.log: ORA-01017: invalid username/password; logon denied.

Cause

Oracle locks the DLP user account (default is PROTECT) after too many failed attempts to log in to DLP Enforce. This can occur during installation or when the DLP user account password was changed in the DB but not in the Enforce configuration.

Resolution

There are two ways to unlock the Oracle database account: 

  • From the command line using SQL*Plus
  • From the Oracle Enterprise Manager (not everyone will have access to this method)

 

A. Unlock from the command line using SQL*Plus

  1. Load SQL*Plus.  'sqlplus /nolog' from command prompt.
  2. Connect to the database as sysdba.  'connect sys as sysdba'
  3. Check what is locked and what is not locked with the following command:
    select account_status from dba_users where username='[username]';

    e.g.
    select account_status from dba_users where username='PROTECT';
    Note: Remember to add the semicolon or the command will not execute.

  4. To unlock the [username] (without brackets) account, enter the following command:
    alter user [username] account unlock;

    e.g.
    alter user PROTECT account unlock;
  5. Rerun step 2 to verify success.

 

B. Unlock using Oracle Enterprise Manager, if you have access.

  1. From the Oracle Enterprise Manager, select Network > Databases > Security > Users
  2. Edit the protect user, then select the unlocked radio button.

Additional Information

If you need to CHANGE the "Protect" password, please refer to the KB article below which will walk you through that process:

https://knowledge.broadcom.com/external/article?articleId=159992