Tuesday, June 3, 2014

Step by Step procedure for disabling DB Vault when you forgot the password for DBV owner in 11gR2

1. Shut down the database
SQL> shut immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL>

2. Stop the dbconsole

[oracle@vm1 ~]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation.  All rights reserved.
https://vm1:5500/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...

all attemps to stop oc4j failed... now trying to kill 9
--- Failed to shutdown DBConsole Gracefully ---
 ...  Stopped.


3. Stop the listener

[grid@vm1 ~]$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 04-MAR-2014 16:20:26

Copyright (c) 1991, 2011, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
The command completed successfully

For Oracle RAC installations, shut down each database instance as follows:

$ srvctl stop database -d db_name


4. Disable the Database Vault option and relink the Oracle binaries

[oracle@vm1 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@vm1 lib]$ make -f ins_rdbms.mk dv_off
/usr/bin/ar d /u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/libknlopt.a kzvidv.o
/usr/bin/ar cr /u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib/kzvndv.o



[oracle@vm1 lib]$ cd $ORACLE_HOME/bin
[oracle@vm1 bin]$ relink all
writing relink log to: /u01/app/oracle/product/11.2.0/dbhome_1/install/relink.log



5. Start the database, listener and dbconsole
SQL> startup
ORACLE instance started.

Total System Global Area  263049216 bytes
Fixed Size                  2227456 bytes
Variable Size             222298880 bytes
Database Buffers           33554432 bytes
Redo Buffers                4968448 bytes
Database mounted.
Database opened.


[grid@vm1 ~]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 04-MAR-2014 16:32:20

Copyright (c) 1991, 2011, Oracle.  All rights reserved.

Starting /u01/app/grid/product/11.2.0/grid/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.3.0 - Production
System parameter file is /u01/app/grid/product/11.2.0/grid/network/admin/listener.ora
Log messages written to /u01/app/grid/diag/tnslsnr/vm1/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vm1)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.3.0 - Production
Start Date                04-MAR-2014 16:32:21
Uptime                    0 days 0 hr. 0 min. 10 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/grid/product/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/grid/diag/tnslsnr/vm1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vm1)(PORT=1521)))
The listener supports no services
The command completed successfully


[oracle@vm1 bin]$ emctl start dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation.  All rights reserved.
https://vm1:5500/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control ............... started.
------------------------------------------------------------------
Logs are generated in directory /u01/app/oracle/product/11.2.0/dbhome_1/vm1_noasmdb/sysman/log

6. Now log in to the database and check whether Database Vault is disabled.
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                                                        VALUE
---------------------------------------------------------------- ----------------------------------------------------------------
Oracle Database Vault                                            FALSE


7. Change the password for the user.
SQL> alter user dbvowner identified by dbvowner_test_14;
User altered.

If the version is prior to 11gR2, we need to perform the step below to disable Database Vault.

8. Run the DVCA utility (actual disable)
dvca -action disable
  -oh Oracle_home_directory
  -service service_name
  -instance Oracle_instance_name
  -dbname database_name
  -sys_passwd SYS_password
  -owner_account DV_owner_account_name
  -owner_passwd DV_owner_account_password
  [-logfile ./dvca.log]
  [-nodecrypt]
  [-racnode node]
 
 
./dvca -action disable -oh /u01/app/oracle/product/11.2.0/dbhome_1/ -service noasmdb -instance noasmdb -dbname noasmdb -sys_passwd sys -owner_account DBVOWNER  -owner_passwd dbvowner_test_14 -logfile dvcadisable.log


If you try to run the above command in 11gR2, you will get the following error.

Exception in thread "main" java.lang.Exception: Version mismatch!
        at oracle.security.misc.C08.a(C08)
        at oracle.security.misc.Checksum.SHA(Checksum)
        at oracle.security.datval.dvca.util.StringUtil.d(StringUtil.java:521)
        at oracle.security.datval.dvca.CommandArguments.processArguments(CommandArguments.java:1093)
        at oracle.security.datval.dvca.Dvca.startCA(Dvca.java:75)
        at oracle.security.datval.dvca.Dvca.main(Dvca.java:282)
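
The make output in step 4 shows what dv_off changes on disk: kzvidv.o is deleted from libknlopt.a and kzvndv.o is added. The script below is an added example, not part of the original post, that uses this to report from the OS side whether Database Vault is still linked into an Oracle home, so an unexpected relink can be caught. The function names dv_link_state and check_oracle_home are this example's own.

```shell
#!/bin/sh
# Added example: report whether Database Vault is linked into an Oracle home.
# Per the make output in step 4, dv_off deletes kzvidv.o from libknlopt.a and
# adds kzvndv.o, so the archive's member list reveals the link state.

# Reads an `ar t libknlopt.a` member listing on stdin, prints the state.
dv_link_state() {
    members=$(cat)
    has_on=no
    has_off=no
    printf '%s\n' "$members" | grep -qx 'kzvidv\.o' && has_on=yes
    printf '%s\n' "$members" | grep -qx 'kzvndv\.o' && has_off=yes
    case "$has_on/$has_off" in
        yes/no)  echo enabled ;;       # DV object linked in
        no/yes)  echo disabled ;;      # stub object present: dv_off was run
        yes/yes) echo inconsistent ;;  # both present: archive needs review
        *)       echo unknown ;;       # neither member found
    esac
}

# Hypothetical wrapper: checks a real home against the expected state.
# Prints the observed state; returns 0 on match, 1 on drift, 2 if unreadable.
check_oracle_home() {
    home=$1
    expected=${2:-enabled}
    lib="$home/rdbms/lib/libknlopt.a"
    if [ ! -r "$lib" ]; then
        echo unknown
        return 2
    fi
    state=$(ar t "$lib" | dv_link_state)
    echo "$state"
    [ "$state" = "$expected" ] || return 1
}

# Run only when ORACLE_HOME is set, e.g. from cron on a host where DV must stay on.
if [ -n "${ORACLE_HOME:-}" ]; then
    check_oracle_home "$ORACLE_HOME" enabled >/dev/null ||
        echo "ALERT: Database Vault not linked in $ORACLE_HOME" >&2
fi
```

The archive check reflects the state the binaries will have after the next relink, while the V$OPTION query in step 6 shows what the running instance was built with.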
