Error: "ORA-28000: the account is locked" in Symantec DLP Enforce
Article ID: 160068
Data Loss Prevention Enforce
Data Loss Prevention
One of these messages appears in Symantec Data Loss Prevention (DLP) Enforce.
- Oracle Protect account locked.
- Oracle Alert log: “ORA-28000: the account is locked"
- IncidentPersister0.log Or MonitorController0.log: ORA-01017: invalid username/password; logon denied.
Oracle locks the protect user account after too many failed attempts to log in to DLP Enforce. This can occur during installation or when changing a password.
There are two ways to unlock the Oracle database account:
- From the Oracle Enterprise Manager
- From the command line using SQL*Plus
Unlock using Oracle Enterprise Manager
- From the Oracle Enterprise Manager, select Network > Databases > Security > Users.
- Edit the protect user, then select the unlocked radio button.
Unlock from the command line using SQL*Plus
- Load SQL*Plus.
- Check what is locked and what is not locked with the following command:
select username,account_status from dba_users;
Note: Remember to add the semicolon or the command will not execute.
- To unlock the [username] (without brackets) account, enter the following command:
alter user [username] account unlock;
- Rerun step 2 to verify success.