When resetting a password for an Oracle account the error “ORA-20001” and “ORA-06512: at line 97” are displayed in the results log.
This error is due to how the appliance performs the 2-part password change. The appliance first sets it using the functional account to a random value and expire it (this is sent in clear text.) We then create a second connection using the account, specifying the old password (the one we just set) and the new password – this is encrypted. It appears the account being changed when the error occurs does not have permission to create a session – that is what this failure may be.
WORKAROUND 1: Try using tunneling instead – there we simply issue the “alter user…” command, since it is going through the encrypted tunnel.
WORKAROUND 2: Ensure the account has correct permissions to change the password.