I have encountered a strange situation between two DCs. One could be considered the good DC, and appears to be working well. It is also the DHCP and DNS server. There is a second DC which has been promoted today, and also has WSUS installed.
The problem is that the second DC just cannot register its service records on the first DC, which is specified in the NIC properties on both DCs. There is no external IP DNS record specified in either NIC.
The above problem has been registered on the bad DC, for each one of its service records, with the "DNS Operation Refused" message appearing at the bottom of the message. Restarting netlogon on the server reproduces the errors. It is possible to send pings to each server in both directions, and both DCs have their firewalls disabled. There is no firewall between the DCs.
In sites and services on the good DC, it is not possible to replicate to the other PC, it just produces the "The naming context is in the process of being removed or is not replicated from the specified server."
In the DNS diagnostic logging, there are repeated entries saying "0580 refused."
The forward lookup zone for the domain and all other ones are AD integrated, and allow secure updates only.
Both DCs are Windows Server 2003, one with SP1 and the other with SP2 (can't remember which is which.)
The bad DC also registers KCC 1308 and Userenv 1053 errors.
It is possible to access the Netlogon share on the good DC from the bad DC.
I'd be greatly obliged if anyone can help me with this, because meantime there is no replication and no redundancy in the AD.
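As an added example, not part of the original post, the Python script below builds the kind of unsigned RFC 2136 dynamic UPDATE that adds a `_ldap._tcp` SRV record (the sort of record netlogon registers for a DC) and parses a response whose RCODE is 5 (REFUSED). The Windows error text "DNS operation refused" (DNS_ERROR_RCODE_REFUSED, 9005) is how that RCODE is reported, so the exchange shows at the wire level what the post's errors mean. The zone name `example.com`, the host `dc2.example.com`, the port and the transaction ID are constructed for the example; nothing is sent over the network, the "server side" is a constructed reply. The point worth keeping in mind when testing: a zone set to "secure updates only" refuses unsigned updates by design, and a DC's own registration is signed with GSS-TSIG (RFC 3645), so REFUSED on an unsigned test update only confirms the zone policy, whereas REFUSED on the DC's signed update points at the update authentication or the DC's permissions on the zone rather than at connectivity.

```python
"""Build an unsigned RFC 2136 dynamic UPDATE for an SRV record and decode a
REFUSED reply. Example code added to illustrate the post; all names are
constructed, nothing is transmitted."""
import struct

OPCODE_UPDATE = 5
TYPE_SOA, TYPE_SRV, CLASS_IN = 6, 33, 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET",
               8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE"}
REFUSED = 5


def encode_name(name):
    """Wire-encode a DNS name as length-prefixed labels plus a root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def build_srv_update(zone, owner, target, port, ttl=600, priority=0,
                     weight=100, txid=0x1234):
    """Unsigned UPDATE message: one zone entry, no prerequisites, one RR to add.
    No TSIG/TKEY is attached, which is exactly what a secure-only zone rejects."""
    header = struct.pack(">HHHHHH", txid, OPCODE_UPDATE << 11,
                         1, 0, 1, 0)                # ZO=1 PR=0 UP=1 AD=0
    zone_sec = encode_name(zone) + struct.pack(">HH", TYPE_SOA, CLASS_IN)
    rdata = struct.pack(">HHH", priority, weight, port) + encode_name(target)
    update_sec = (encode_name(owner)
                  + struct.pack(">HHIH", TYPE_SRV, CLASS_IN, ttl, len(rdata))
                  + rdata)
    return header + zone_sec + update_sec


def constructed_refused_reply(request):
    """Constructed server reply for the example: echoes the ID and opcode,
    sets QR=1 and RCODE=REFUSED, the answer a secure-only zone gives an
    unsigned update. Stands in for the real server; nothing is sent."""
    txid, flags = struct.unpack(">HH", request[:4])
    reply_flags = 0x8000 | (flags & 0x7800) | REFUSED
    return struct.pack(">HHHHHH", txid, reply_flags, 0, 0, 0, 0)


def parse_update_reply(msg):
    """Decode the header of an UPDATE reply into id, opcode and RCODE."""
    txid, flags = struct.unpack(">HH", msg[:4])
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x0F
    return {"id": txid, "opcode": (flags >> 11) & 0x0F,
            "rcode": rcode, "rcode_name": RCODE_NAMES.get(rcode, str(rcode))}


def explain(reply, update_was_signed):
    """Map the RCODE to the check a practitioner would do next."""
    if reply["rcode"] != REFUSED:
        return "not refused (%s)" % reply["rcode_name"]
    if not update_was_signed:
        return ("REFUSED as expected: zone allows secure updates only and this "
                "update carries no TSIG; confirms policy, not a fault")
    return ("REFUSED on a signed update: check the updater's Kerberos/GSS-TSIG "
            "negotiation and its write permission on the zone, not connectivity")


def simulate_unsigned_srv_registration():
    """Run the constructed exchange end to end and return the decoded result."""
    req = build_srv_update("example.com", "_ldap._tcp.example.com",
                           "dc2.example.com", 389)
    reply = parse_update_reply(constructed_refused_reply(req))
    reply["request_len"] = len(req)
    reply["diagnosis"] = explain(reply, update_was_signed=False)
    return reply


if __name__ == "__main__":
    for k, v in simulate_unsigned_srv_registration().items():
        print("%-12s %s" % (k, v))
```

To turn this into a live check against a server, the request bytes would be sent over UDP port 53 and the real reply parsed with `parse_update_reply`; the verdict from `explain` then depends on whether the update was signed, which this example leaves as an explicit parameter rather than attempting a GSS-TSIG handshake.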