I am trying to setup DFS-R where one of the DFS-R members in in the DMZ, and the only available DCs in the DMZ are read-only (RODC). I do have the firewall opened up to allow traffic from the server in the DMZ to access the DFS-R source server on TCP/135, 445, 61111 (static DFSR RPC port) and 64401 (unknown service at this time). From what I gather from the error message in my DFS-R Diag Report, is that the DFS-R member is trying to write something to AD, but it can't because it can only talk to RODC. Is there a way that I can manually make this change to AD via ADSIEDIT? What exactly would I need to change? Is there another way to make this work?

The DFS Replication service failed to update configuration in Active Directory Domain Services. This operation will be retried in the next polling cycle. The service attempted to connect to domain controller and failed with error ID: 1355 (The specified domain either does not exist or could not be contacted.). Additional information includes object category: msDFSR-LocalSettings and object DN: CN=DFSR-LocalSettings,CN=MYSERVER,OU=DMZ,OU=Servers,DC=contoso,DC=com. Replication may be disabled until this error is fixed. Event ID: 6016