DNS secondary zone problem - repost?
In a post made to http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/058e2257-aa41-4220-8242-2b3d1d921ef3 I referred to the above problem. I would be grateful if you could have a look at that posting for further info. That particular issue has apparently resolved itself, only to be replaced with a similar problem involving a secondary forward zone. Symptoms are the same. The server for the primary zone reports transfer complete in the event log, but the recipient logs
01/09/2010 08:55:12 03E4 PACKET 000000000249E0A0 TCP Rcv 172.30.7.142 0000 R Q [0580 REFUSED] AXFR (5)admin(2)sb(5)local(0)
in the debug log. Any help most appreciated.
September 1st, 2010 11:15am

Hi, is the server with the error always Untrusted2? Are there errors in the event viewer on Untrusted2, in the System and/or DNS section?
Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
September 1st, 2010 1:33pm

Thanks for your response. The server with the error is in the "untrusted" domain. The other "untrusted DC/DNS server" seems to be getting zone updates. There are no errors in the event log of the failing server. As per previous, this problem seems to vary: at first it was a reverse secondary zone, now it's a forward secondary zone. The requesting server logs
Failed transfer of zone admin.sb.local from DNS server at 172.30.7.142. The DNS server at 172.30.7.142 aborted or failed to complete transfer of the zone. Check the DNS server at 172.30.7.142 and ensure it is properly functioning and authoritative for zone admin.sb.local
172.30.7.142 is authoritative for the zone and has zone transfers to 'ANY' enabled. Regards,
September 2nd, 2010 11:37am

The only cause for which a packet can be refused in a zone transfer between two DNS servers is that, for some reason, a "secure transfer" is required and the transfer is not compliant. Ref: http://technet.microsoft.com/en-us/library/cc781101(WS.10).aspx
Edoardo Benussi - Microsoft MVP Management Infrastructure - Systems Administration https://mvp.support.microsoft.com/Profile/Benussi Windows Server Italian Forum Moderator edo[at]mvps[dot]org
September 2nd, 2010 3:44pm

Hi Edoardo, Thanks for your response, this issue had us completely stumped, especially its intermittent nature. However, our customer has now told me that they were also experiencing other networking problem symptoms since migrating from Server 2003 to 2008. One in particular started as intermittent but had today gone solid. (This was RDP access across the router connecting the 2 VLANs.) They sent us the result of a network sniffer that we asked for and this indicated that packets were getting lost on the router. Inspection of the (Cisco) router config indicated that it was doing stateful packet inspection. After disabling this the RDP and the DNS problems have gone away. So it would seem that there are slight differences in the protocol sequence between 2003 and 2008 servers. Regards,
September 6th, 2010 2:05pm
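
Added example, not part of the thread and not Microsoft's code: a small Python parser for DNS debug-log PACKET lines like the one quoted in the first post, which decodes the length-prefixed zone name and lists received AXFR/IXFR responses whose rcode is not NOERROR. The field layout is inferred from that single quoted line; the function names and the two extra sample lines are constructed for illustration.

```python
import re

# Field layout inferred from the single debug-log line quoted in the thread;
# the optional flag letters inside [...] are an assumption about other lines.
PACKET_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+[0-9A-Fa-f]+\s+PACKET\s+[0-9A-Fa-f]+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<remote>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R\s+)?(?P<opcode>\S)\s+"
    r"\[(?P<flags>[0-9A-Fa-f]{4})\s+(?:[A-Z ]*?)\s*(?P<rcode>[A-Z]+)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)

def decode_qname(raw):
    """Turn '(5)admin(2)sb(5)local(0)' into 'admin.sb.local'."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^()]*)", raw):
        if int(length) == 0:
            break  # zero-length label terminates the name
        if int(length) != len(label):
            raise ValueError(f"label length mismatch in {raw!r}")
        labels.append(label)
    return ".".join(labels) or "."

def failed_transfers(lines):
    """Return received AXFR/IXFR responses whose rcode is not NOERROR."""
    hits = []
    for line in lines:
        m = PACKET_RE.match(line.strip())
        if not m:
            continue  # not a PACKET line, or a layout this sketch does not know
        is_xfr_reply = m["dir"] == "Rcv" and m["resp"] and m["qtype"] in ("AXFR", "IXFR")
        if is_xfr_reply and m["rcode"] != "NOERROR":
            hits.append({"when": f'{m["date"]} {m["time"]}', "master": m["remote"],
                         "proto": m["proto"], "rcode": m["rcode"],
                         "zone": decode_qname(m["qname"])})
    return hits

SAMPLE = [
    # constructed: the outgoing request that would precede the refusal
    "01/09/2010 08:55:12 03E4 PACKET 000000000249E0A0 TCP Snd 172.30.7.142 0000 Q [0000 NOERROR] AXFR (5)admin(2)sb(5)local(0)",
    # quoted from the first post
    "01/09/2010 08:55:12 03E4 PACKET 000000000249E0A0 TCP Rcv 172.30.7.142 0000 R Q [0580 REFUSED] AXFR (5)admin(2)sb(5)local(0)",
    # constructed: an ordinary answered lookup, ignored by the filter
    "01/09/2010 08:55:13 03E4 PACKET 000000000249E0A0 UDP Rcv 172.30.7.142 1a2b R Q [8081 D NOERROR] A (3)www(5)admin(2)sb(5)local(0)",
]

if __name__ == "__main__":
    for hit in failed_transfers(SAMPLE):
        print(hit)
```

Grouping the hits by master and zone over a longer log shows whether refusals are tied to one peer or one zone, which is the pattern the thread was trying to pin down.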

This topic is archived. No further replies will be accepted.
