Error: "ORA-28000: the account is locked" in Symantec DLP Enforce


Article ID: 160068


Data Loss Prevention Enforce, Data Loss Prevention


One of these messages appears in Symantec Data Loss Prevention (DLP) Enforce.

  • Oracle Protect account locked.
  • Oracle Alert log: "ORA-28000: the account is locked"
  • IncidentPersister0.log or MonitorController0.log: "ORA-01017: invalid username/password; logon denied"


Oracle locks the protect user account after too many failed attempts to log in to DLP Enforce. This can occur during installation or when changing a password.


There are two ways to unlock the Oracle database account: 

  • From the Oracle Enterprise Manager 
  • From the command line using SQL*Plus

Unlock using Oracle Enterprise Manager

  1. From the Oracle Enterprise Manager, select Network > Databases > Security > Users.
  2. Edit the protect user, then select the unlocked radio button.

Unlock from the command line using SQL*Plus

  1. Load SQL*Plus. 
  2. Check what is locked and what is not locked with the following command:
    select username,account_status from dba_users;
    Note: Remember to add the semicolon or the command will not execute.

  3. To unlock the [username] (without brackets) account, enter the following command:
    alter user [username] account unlock;
  4. Rerun step 2 to verify success.
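
The SQL*Plus steps above, narrowed to the single DLP account, as an added example that is not part of the original article. It assumes the account is named PROTECT (the "protect user" mentioned above) and that the session is connected with DBA privileges. If Enforce is still presenting a wrong password (the ORA-01017 entries), the account will lock again after the unlock, so correct the stored password first.

```sql
-- Added example: assumes the DLP schema account is PROTECT and a DBA session.

-- 1. Status of the one account instead of every row in dba_users.
--    LOCKED(TIMED) = locked automatically after failed logins;
--    LOCKED        = locked explicitly by an administrator.
--    lock_date can be matched against the ORA-01017 entries in the DLP logs.
SELECT username, account_status, lock_date, profile
  FROM dba_users
 WHERE username = 'PROTECT';

-- 2. The lockout limits of the profile assigned to that account.
--    A limit of DEFAULT means the value is inherited from the DEFAULT profile.
SELECT p.profile, p.resource_name, p.limit
  FROM dba_profiles p
  JOIN dba_users u ON u.profile = p.profile
 WHERE u.username = 'PROTECT'
   AND p.resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LOCK_TIME');

-- 3. Unlock the account.
ALTER USER protect ACCOUNT UNLOCK;

-- 4. Verify: account_status should no longer contain LOCKED
--    and lock_date should be empty.
SELECT username, account_status, lock_date
  FROM dba_users
 WHERE username = 'PROTECT';
```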