demoted server still authenticating kerberos

[Simon]

Hello all,

I have demoted a DC in our windows 2000 domain but it
still handles kerberos authentication when users logon to
SQL through our access front end application.

If I turn off the server users cannot connect (or it
takes an age.) The demoted server used to be our PDC but
all the key roles were migrated before DCPromo ran and
demotion seemed to work correctly

Any help would be greatly appreciated... 2 days solid
now...

Many thanks, Simon.

 

[Jimmy Andersson [MVP]]

Did you demote it with dcpromo? It sounds like some pointers still exist in
AD, you might want to check it out with ntdsutil. And if necessary, do a
metadata cleanup and/or manually cleanup DNS and AD.

Regards,
/Jimmy

 

[Simon]

Yes we used DCPromo and I had been through DNS etc and
removed all of the pointers to the old server.

However, I agree that the problem must be somewhere in
the AD. We have now disabled any AD related services and
I tried using the NTDSUTIL to clear it up - I will let
you know after we have tested it,

any further suggestions would be welcomed - the problem
may be something to do with Kerberos tickets???

many thanks, Simon.

 

[Jimmy Andersson [MVP]]

Let us know after you done a metadata cleanup.

Regards,
/Jimmy

 

[Simon]

Still having touble even though I can find no reference
to the demoted server anywhere withing active directory
or within the registry of the SQL cluster machines.

Is there any way of instructing a server not to handle
logon / log off events?

As always any response is appreciated,

Rgds, Simon.