Just for the record - I am not a Symantec employee !!
I am pretty sure that this issue has been aired before in these forums but I don't recall it being identified as a known issue. I have had a look through my database of past postings and come up with this:
Need help with GSS and joining a domain problem
I have done investigation related to the Windows 2008 server R2 domain joining issue. In my testing I have observed as follows.
1. Domain joining were successful for Windows 7 clients with domain joining sysprep task and configuration task.
2. Domain joining fails on XP and Windows Server 2003 with warning message "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you" when run configuration task.
3. Domain joining were successful on XP and Windows Server 2003 with sysprep task.
No changes were made on Windows 2008 R2 domain controller (default settings) to allow domain join in my DC setup.
I went through the Microsoft link where Microsoft mentioned that the Net Logon service on Windows Server 2008 and on Windows Server 2008 R2 domain controllers does not allow the use of older cryptography algorithms that are compatible with Windows NT 4.0 by default. This problem occurs because of the default behavior of the Allow cryptography algorithms compatible with Windows NT 4.0 policy on Windows Server 2008-based domain controllers. This policy is configured to prevent Windows operating systems and third-party clients from using weak cryptography algorithms to establish NETLOGON security channels to Windows Server 2008-based domain controllers. It means that "compromise security" warning message will observe and domain join will fail when XP and Windows Server 2003 client computers (which are Windows NT 4.0 based operating systems) use the NetJoinDomain function together with the NETSETUP_JOIN_UNSECURE join option against a Windows Server 2008-based domain controller. Issue will not observed on Vista SP1 onwards operating systems since Microsoft has taken care of the issue in the later versions of operating systems (Vista SP2 and Windows 7). Same was observed in my testing as well.
Microsoft has explained this issue in detailed at <http://support.microsoft.com/kb/942564>when the Windows 2008 R2 Read Only Domain Controller (RODC) is added to the network that has Windows XP or Windows Server 2003.
Microsoft has released the patch for XP (32 and 64 bit) and Windows Server 2003 (32 and 64bit) and can be download from <http://support.microsoft.com/kb/944043>. Prerequisites to apply this patch are mentioned on this link.
I have seen STN forum (<http://www.symantec.com/connect/forums/winxp-system-wont-join-domain-console-task>and <http://www.symantec.com/connect/forums/gss25-failed-join-domain-xxx-system-detected-possible-attempt-compromise-security>) which stated that the problem is resolved with this patch.
I have tested the domain joining with configuration task after applying the patch to XP 64 bit operating system and found to be working fine.
So according to my test observations, Vista SP1 and above will not have the problem while joining Windows 2008 server R2 domain. XP and Windows Server 2003 operating systems need to apply the 944043 patch to resolve Windows 2008 server R2 domain joining issue.
This may tie in with your observation that the Networking guys updates to 2008 R2 domain controllers, so maybe if your environment is still a mix of operating systems you can try the suggestions above.