Some lessons are learned once, some you learn over and over and over again. Case in point:
A client needed assistance installing an SBS 2003 server into an existing Windows 2003 domain. He had looked at the documentation in the Microsoft KB 884453 but decided he wanted my assistance with the process. So I get to the site and start going through the process.
There’s one key piece of information missing from the KB, however, when you use the SBS 2003 SP1 integrated installation media. When installing the server portion, the setup enables the Windows firewall on the NICs in the server so that no bad stuff can get in. This is a wonderful change from the original install media where you really had to disconnect the NICs from any live network when doing the install to make sure that the box didn’t get hammered by Blaster or Slammer or any other threat that was protected against with SP1. But I overlooked it. So when I did the dcpromo, the box came up into the network correctly. When I installed DNS, it installed correctly. But I could not get the two DCs to replicate.
Fortunately my friend Wayne helped me find what should have been an obvious step in the process for me - can you ping both machines by FQDN from each other? I could ping the existing server from the new server, but the old server could not ping the new server. When I went in and disabled the Windows Firewall on the NIC in the new server, replication started happening immediately and the remainder of the installation process finished successfully.
So add this one to your hat - when you follow MS KB884453 and you’re using SBS 2003 SP1 integrated installation media, you need to turn off the Windows Firewall on the NICs to let replication complete.