Channel: Directory Services forum

Problem with one site - rodc issue


Hi All,

I hope you will help me with my problem, because I have spent a hundred hours trying to find out what is going on...

The topology is 2 hub and spoke, root and 3 domains, 50+ domain controllers, 50+ sites, and one of them is very strange...

It was a site without a domain controller - a small site, a file server and 10 computers. There was a problem that clients could not find a proper domain controller to authenticate (nltest failed, "No authority could be contacted for authentication. (0x80090311)").

Other users from different sites could log in without problems. What I did was to assign this subnet to the site in the datacenter, and it helped; users were able to refresh GPO etc. But after several days the same problem appeared. Reassigning the subnet back to the site without a DC resolved the problem, but again only for a few days.

I decided to install an RODC there; I hoped that it would resolve the problems and improve performance. And it did, but only for another several days.

Today I found events:

    

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Date:          2013/02/18 10:24:35
Event ID:      4016
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      JPTOK-FS01.ap.root.net
Description:
The DNS server timed out attempting an Active Directory service operation on ---.  Check Active Directory to see that it is functioning properly. The event data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
    <EventID Qualifiers="49152">4016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-18T01:24:35.000000000Z" />
    <EventRecordID>544258</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>DNS Server</Channel>
    <Computer>JPTOK-FS01.ap.root.net</Computer>
    <Security />
  </System>
  <EventData Name="DNS_EVENT_DS_LDAP_TIMEOUT">
    <Data Name="param1">---</Data>
    <Binary>55000000</Binary>
  </EventData>
</Event>



Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2013/02/18 10:45:18
Event ID:      1435
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      JPTOK-FS01.ap.root.net
Description:
The Knowledge Consistency Checker (KCC) encountered an unexpected error while performing an Active Directory Domain Services operation. 

Operation type:
KccSearch 
Object distinguished name:
CN=NTDS Settings,CN=JPTOK-FS01,CN=Servers,CN=Tokyo,CN=Sites,CN=Configuration,DC=root,DC=net 

The operation will be retried at the next KCC interval. 

Additional Data 
Error value:
0 No Error.

Internal ID:
f04079c
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS KCC" />
    <EventID Qualifiers="32768">1435</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-18T01:45:18.321109500Z" />
    <EventRecordID>3537</EventRecordID>
    <Correlation />
    <Execution ProcessID="540" ThreadID="1072" />
    <Channel>Directory Service</Channel>
    <Computer>JPTOK-FS01.ap.root.net</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>KccSearch</Data>
    <Data>CN=NTDS Settings,CN=JPTOK-FS01,CN=Servers,CN=Tokyo,CN=Sites,CN=Configuration,DC=root,DC=net</Data>
    <Data>0</Data>
    <Data>f04079c</Data>
    <Data>No Error.
</Data>
  </EventData>
</Event>

and a few more related to a problem with replication from one site, where the DC is off.

I have manually configured this RODC to replicate with a 2008 R2 server from the same domain, and it was OK. Suddenly the RODC cannot run the repadmin /bind command (LDAP error: timeout); other servers can do this, and there is no timeout.

What is also strange is that my dcdiag results are a little different depending on the server I am running the command on.

I will reply to every question you have...

regards


