For security reasons or you just forget about password expiration and users got locked, you may need to change passwords of users: sysman and dbsnmp. It is not as easy as changing as user's password, but it's so hard either. Here are the steps:

1. Logon to your server as software owner, probably oracle

2. If ORACLE_UNQNAME is not set properly:

$ export ORACLE_UNQNAME = <db_name>

3. Stop DB Console

$ emctl stop dbconsole

4. Open SQLPlus as sysdba 

SQL> conn / as sysdba
SQL> alter user sysman identified by new_password;
SQL> alter user dbsnmp identified by new_password;

If user(s) got locked:

SQL> alter user sysman account unlock;
SQL> alter user dbsnmp account unlock;

5. To change sysman's password for DB Console edit config file:

If it is a RAC environment
$ cd /u01/app/oracle/product/11.2.0/dbhome_1/<node_name>_<db_name>/sysman/config/

If it is a single instance:
$ cd /u01/app/oracle/product/11.2.0/dbhome_1/sysman/config

Open file with your favorite text editor and change the lines:
orcle.sysman.eml.mntr.emdRepPwdEncrypted=FALSE (Change it from TRUE to FALSE)

Don't worry because of writing password in plain text to a file, all the password you've written down will be encrypted and the property emdRepPwdEncrypted will turn into TRUE again when you start DB Console.

6. To change DBSNMP's password:

If it is a RAC environment
$ cd /u01/app/oracle/product/11.2.0/dbhome_1/<node_name>_<db_name>/sysman/emd/

If it is a single instance:
$ cd /u01/app/oracle/product/11.2.0/dbhome_1/sysman/emd

Edit targets.xml file for every appearance of statement below, except the one for ASM.
Change encrypted from TRUE to FALSE
    <property name="password" value="new_password" encrypted="FALSE"> 

It's the same case for plain text and encryption  just like previous step.

7. Start DB Console:

$ emctl start dbconsole

8. You can check the files you edited to see passwords got encrypted.