Process Overview:

1. Shutdown all DLP services. (see Windows, see Linux)
2. Change the database password within Oracle.
3. Verify the new password.
4. Change the password on the Enforce server.
5. Start the DLP services.
6. Log in to the Enforce UI.

NOTE:

To avoid an account lock-out, if you are unable to stop ALL the services, run the DBPasswordChanger utility as soon as possible after the Oracle Data Loss Prevention account password is changed. If a lock-out does occur, see the article: "ORA-28000: the account is locked" for resolution.

Example:

• DLP Administrator password is rhubarb
• New Oracle protect user password is potato

Detailed steps for 2-4 above:

Changing the database password for the protect account on Oracle:

IMPORTANT: Be sure to follow the guidelines for acceptable passwords in the article: Password guidelines for the Oracle 'protect' user

- Collect the connection string from Jdbc.properties

Open Jdbc.properties at 
Windows:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config
Linux:/opt/Symantec/DataLossPrevention/EnforceServer/xx.x.xxxx/Protect/config

Copy the last line in the file, starting after the "@" symbol.
This is the connection string we will use in the following steps. 

- Start a sqlplus session:

sqlplus /nolog

- Login as protect user (if current password is known) OR sysdba (if current password is unknown):
SQL> connect protect@<paste oracle connection string from Jdbc.properties file> (connect sys as sysdba)
    (Enter the password when prompted.)

- Change the protect password to potato:
SQL> alter user protect identified by potato;
 

- Verify the password change:
SQL> conn protect@<pasted connection string>/potato

- Exit sqlplus:
SQL> exit

 

Changing the password for the protect account used by the Enforce server:

NOTE: The examples assume a Windows installation; for Linux, substitute the appropriate paths (e.g. /opt/Symantec/Protect/bin)

- Start a command shell and change to the bin directory:

cd "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\bin"

- Change the Oracle password in the configuration file:

The syntax for DBPasswordChanger is:

DBPasswordChanger <PasswordFilePath> <New Oracle Password>

So:

DBPasswordChanger "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\DatabasePassword.properties" potato

Linux Red Hat Environments 

1. Change to directory /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/bin/

2. Run the command: ./DBPasswordChanger ../config/DatabasePassword.properties potato

This was successful when you see:

Password changed

Note - While running DBPasswordChanger tool command, filename is case sensitive. "DatabasePassword.properties" should be entered keeping case sensitivity as it is. Otherwise, command output will show as "Password changed", but in reality, password will not be changed and it will cause account lockout for Oracle user.