Share point Authentication to ODR takes 10+ minutes to be successful
I have been having some issues with a 10.4.11 OD replica server that I inherited a while back. Last week users began to have problems logging in to file shares (both AFP and SMB). The auth would not time out, but we found that if you let it run, it would eventually connect 10 - 15 minutes later. A bounce of the server would let it respond normally again for a little while.
I called Apple about this and their recommendation was to demote the ODR to stand-alone, reboot, and promote it again to ODR. This at first looked promising... but this morning the problem is back again.
Some of the things I've noticed...
[b]DNS:[/b]
* I can perform reverse lookup through nslookup, but not with dig
* DNS lives on a Windows server and has correct forward and reverse entries
[b]PasswordService.Error.log[/b]
[color=red]I see the following errors on Saturday afternoon which is when I brought the server back up after dropping the replica[/color]
* Mar 14 2009 13:45:49 Listener exception error: -1.
* Mar 14 2009 13:47:08 LauchTaskWithIO path = /usr/sbin/kadmin.local, arg1 = -q, arg2 = add_principal +requires_preauth vpn_756d4e7ad6a6, status = 1
[b]Console Log:[/b]
[color=red]This was happening before and after the re-promotion - a huge amount of these:[/color]
* Mar 16 06:55:48 [i]servername[/i] /usr/sbin/PasswordService: client response doesn't match what we generated
[color=red]After the re-promotion... messages like this seem to have started showing up:[/color]
* CoreEndianFlipData: error -4940 returned for rsrc type DITL (id 134, length 125, native = no)
* CoreEndianFlipData: error -4940 returned for rsrc type cicn (id 1099, length 290, native = no)
[color=red]I believe these to be from NetVault Replicator... I really want to get rid of this thing; it will need to wait, though[/color]
[b]On the Master which is also 10.4.11, in Server Admin I see:[/b]
Replicas
[i]ipaddress[/i] Error (see /var/run/openldap-slurp/replica/[i]ipaddress[/i].reg
Looking at [i]ipaddress[/i].reg I see...
[quote]ERROR: No such attribute: modify/delete: apple-ldap-replica: no such value
replica: [i]ipaddress[/i]:389
time: 1237063208.0
dn: cn=ldapreplicas,cn=config,dc=[i]server[/i],dc=[i]domain[/i], dc=
changetype: modify
delete: apple-ldap-replica
apple-ldap-replica: ldap://[i]ipaddress[/i]
-
replace: entryCSN
entryCSN: 20090314204008Z#000001#00#000000
-
replace: modifiersName
modifiersName: uid=diradmin,cn=users,dc=[i]server[/i],dc=[i]domain[/i],dc=
-
replace: modifyTimestamp
modifyTimestamp: 20090314204008Z[/quote]
I figure I will call Apple again today, but I was wondering if anyone has been able to resolve a similar issue.
Thank you for any suggestions,
kennyj