Replication issue between two servers, one SBS 2008

active-directory, replication, windows-sbs

Running an SBS 2008 server for a client, who added a new office. I set up a Windows 2008R2 server at the new office, which was promoted to domain controller and GC (logon) server.

Both servers are connected via VPN and we can ping both over this. However, something is wrong with the AD replication: the logs on both have KCC 1311 errors in eventlog:

The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition: CN=Configuration,DC=xxxxxxxxx,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.

The Sites and Services setup is correct with the right subnets. If I add site link items on one server, these get replicated to the remote server's info, so something is getting replicated! DNS changes also get replicated. So I am confused – IS there a problem or isn't there?

When I tried to set up a DFS root on the SBS box and create a namespace on the remote server (from the SBS console) it fails with "Semaphore timeout".

We also discovered the other day that the 'Remote' site used for remote access and OWA isn't accessible from the new Win2008R2 server:

For example, ping remote gives the correct IP address and responds, but browsing to https://remote.xxxx.local starts and never actually gets through to the remote website (nothing appears in the IIS logs). The same site works on the local LAN to SBS and externally from internet locations.

I have tried the various ADutils to test connectivity which all say it's fine.

So something is definitely wrong with the connectivity somewhere but we can't figure out what it is or where it is.

Best Answer

It sounds like you may have already, but can you confirm that you've followed the steps detailed here?

What firewalls do you have in place between your servers, and are they reporting any blocked traffic at all between them? That's the most likely culprit (IMO). Is there any NAT in place between the servers?
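One way to follow up the firewall question above from the DC side, added here as an example (it is not part of the question or the answer): a PowerShell script that probes the TCP ports AD replication needs towards the other domain controller and reports which ones a firewall or NAT device is dropping. The peer hostname is a placeholder, and the dynamic RPC range is only sampled, not enumerated.

```powershell
# Added example (not from the question or answer): probes the TCP ports that
# AD replication between two Windows Server 2008-era DCs relies on, from the
# DC where the script runs towards the peer DC. Hostname is a placeholder.
$PeerDC = 'DC-REMOTE.example.local'   # placeholder: replace with the other DC's FQDN

# Well-known ports used by replication and the services it depends on.
# The RPC dynamic range (49152-65535 on Server 2008/R2) cannot be enumerated
# here, so a few samples from it are probed; a firewall between DCs must allow
# the whole range (or the DC must be pinned to a fixed RPC port).
$Ports = @(
    @{ Port = 53;    Service = 'DNS' },
    @{ Port = 88;    Service = 'Kerberos' },
    @{ Port = 135;   Service = 'RPC endpoint mapper' },
    @{ Port = 389;   Service = 'LDAP' },
    @{ Port = 445;   Service = 'SMB (SYSVOL / DFS)' },
    @{ Port = 636;   Service = 'LDAPS' },
    @{ Port = 3268;  Service = 'Global Catalog' },
    @{ Port = 3269;  Service = 'Global Catalog SSL' },
    @{ Port = 49152; Service = 'RPC dynamic range (sample)' },
    @{ Port = 65535; Service = 'RPC dynamic range (sample)' }
)

# Returns $true when a TCP connection completes within the timeout.
# Uses System.Net.Sockets.TcpClient so it works on PowerShell 2.0 (2008 R2).
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($p in $Ports) {
    $open  = Test-TcpPort -ComputerName $PeerDC -Port $p.Port
    $state = if ($open) { 'OPEN' } else { 'BLOCKED or closed' }
    '{0,5}  {1,-28} {2}' -f $p.Port, $p.Service, $state
}
```

Run it on each DC towards the other, since filtering is often asymmetric, and compare the result with the partner status from repadmin /replsummary on both sides.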
