which suggests that only W2K8R2 machines can be managed from the same OS, and only W2K3 machines can be managed by older OS's.
Which is a pain.
I understand the following would "fix" Server 2008 R2, but by running this you are effectively exposing DNS to man in the middle attacks:
dnscmd.exe /Config /RpcProtocol 7
dnscmd.exe /Config /RpcAuthLevel 0
I have not attempted this to be able to confirm that it works.