I have one test replica setup:
Server 1 - Windows 2008 SP2. Primary data source. Referral is enabled.
Server 2 - Windows 2008 R2 SP1. "secondary" data source". Referral is disabled and folder target is read-only.
The servers are in two different AD sites. No firewalls at the moment. I have no applied the hotfixes mentioned in this KB, as I am paranoid and do not experience any of these issues (so far): http://support.microsoft.com/kb/968429. Domain and Forest are in 2008 R2 native functional levels. DFSR Namespace mode is Domain (Windows Server 2008 mode).
Writing to server1 replicates the data to server 2 without issues. As expected, the DFSRO system driver prevents me from writing to Server 2. There is no sync backlog when checking with this script: http://blogs.technet.com/b/isrpfeplat/archive/2010/10/02/inspecting-pending-outbound-changes-between-two-dfsr-replicas.aspx
However, I see this on server 2:
20120814 09:33:42.034 5052 SRTR 957 [WARN] SERVER_EstablishSession Failed to establish a replicated folder session. connId:{05DB3129-3E87-4C0A-AA39-9DE4998B83B1} csId:{F75ADA6C-025E-4C94-8F8A-F0A634F61ABF} Error:
+[Error:9077(0x2375) UpstreamTransport::EstablishSession upstreamtransport.cpp:808 5052 C Cannot establish upstream partner with a read only content set]
And this on server 1 in my DFSR logs:
+[Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 8992 C A failure was reported by the remote partner]
+[Error:9077(0x2375) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 8992 C <Missing String>]
20120814 09:12:21.725 8992 INCO 2705 InConnection::ProcessErrorStatus (Ignored) Remote error connId:{05DB3129-3E87-4C0A-AA39-9DE4998B83B1} Error:
+[Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:4005 8992 C A failure was reported by the remote partner]
+[Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 8992 C A failure was reported by the remote partner]
+[Error:9077(0x2375) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 8992 C <Missing String>]
Really annoying. Everything seems to work fine, but it is polluting my logs and I would like to know what I can do to get it to stop. It seems the read-only server is still trying to create outbound connections, but it shouldn't be. DFSR event log is clean as a whistle. When I switched server 2 to read-only I couldn't view the replication group details from server 1 which I am sure is behaviour by design. DFSR services have been restarted on both ends.
Any thoughts? There is no backlog on either end, so I didn't install this hotfix on server 2: http://support.microsoft.com/default.aspx?scid=kb;EN-US;2285835 but I am thinking I may need to....