I'm still scratching my head over this situation...
You see, we have 3 RW DCs in the HQ, and 1 RODC at every branch site (50+ locations).
During startup, a script will pull in some files from \\example.com\SYSVOL\example.com\Common\Data.
But we have been experiencing bandwidth overload. A traffic analysis indicated that lots of clients in the Branch Sites were trying to access the SYSVOL located in the RW DCs.
E.g.: If the RW DCs are 10.1.0.15, 10.2.0.15, and 10.3.0.15, and site 'X' has a subnet of 10.27.0.0/16 (with its RODC at 10.27.0.15), clients at site 'X' seem to insist on accessing \\10.1.0.15\SYSVOL or \\10.2.0.15\SYSVOL or \\10.3.0.15\SYSVOL; they seem to be ignoring the RODC completely.
What is going on here? Where should I start investigating what went wrong?
BTW, I'm already using DFS-R, and replication has been going on successfully; I can put a small 'canary' file on one of the RW DCs, and within minutes all the RODCs will have successfully replicated the 'canary' file.
Additional Information: If I try doing nslookup example.com, I get only the addresses of the RW DCs. None of the RODCs' addresses appear.
Secondary Question: What if I add the addresses of the RODCs manually into the DNS? Will I be causing trouble?
You need to define these sites and subnets in Active Directory Sites and Services and then assign the Read Only Domain Controllers to the specific sites.
I wonder if you're seeing the behavior described in this article where clients issue DNS requests w/o the site when the DC locator code runs. It would be interesting to sniff the traffic coming out of a client when it boots to see what the DNS queries coming from the client look like. The wording in that article is less than helpful ("If this issue occurs in an environment in which only the hub DCs for the site-less SRV records are registered in DNS, and if the client computer's remote branch site is disconnected from the hub site, then the client computer cannot locate a DC.") but it's worth a shot.
I assume you haven't changed the default "PreferLogonDC" and "SiteCostedReferrals" settings (both of which are sane defaults in W2K8). If you have, look into changing them back to sane settings.
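One way to read the client DNS queries the answer above suggests capturing, as an added example that is not part of the original thread: it separates site-specific DC locator SRV lookups from site-less ones and flags clients that never ask for their own site. The site name `SiteX`, the subnet-to-site table and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# DC locator SRV names: _ldap._tcp[.<site>._sites][.dc._msdcs].<domain>
SRV_RE = re.compile(
    r"^_(?:ldap|kerberos)\._tcp\.(?:(?P<site>[^.]+)\._sites\.)?"
    r"(?:(?:dc|gc|pdc)\._msdcs\.)?.+$", re.IGNORECASE)
# Assumption: site name "SiteX" for the 10.27.0.0/16 subnet from the question.
SITE_SUBNETS = {"SiteX": ipaddress.ip_network("10.27.0.0/16")}

def classify(qname):
    """Return ('site-specific', site), ('site-less', None), or None if not a locator query."""
    m = SRV_RE.match(qname)
    if not m:
        return None
    site = m.group("site")
    return ("site-specific", site) if site else ("site-less", None)

def expected_site(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return next((s for s, net in SITE_SUBNETS.items() if addr in net), None)

def audit(queries):
    """queries: iterable of (client_ip, qname). Returns {client_ip: verdict}."""
    seen = defaultdict(set)
    for ip, qname in queries:
        result = classify(qname)
        if result:  # ignore A/AAAA and other non-locator lookups
            seen[ip].add(result[1].lower() if result[1] else None)
    verdicts = {}
    for ip, sites in seen.items():
        want = expected_site(ip)
        if want and want.lower() in sites:
            verdicts[ip] = "ok: queried own site"
        elif sites == {None}:
            verdicts[ip] = "site-less only"
        else:
            verdicts[ip] = "wrong or unknown site"
    return verdicts

# Constructed sample of (client IP, DNS query name) rows, as exported from a capture.
SAMPLE = [
    ("10.27.0.101", "_ldap._tcp.dc._msdcs.example.com"),
    ("10.27.0.102", "_ldap._tcp.dc._msdcs.example.com"),
    ("10.27.0.102", "_ldap._tcp.SiteX._sites.dc._msdcs.example.com"),
    ("10.27.0.103", "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.example.com"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "site-less only" verdict matches the behavior described in the linked article; a "wrong or unknown site" verdict points back at the subnet-to-site mapping in Active Directory Sites and Services.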