I work at the same school as Mike Harrison (he's my boss ) and i just thought I would add my bit to this and tell you where we are now
We made the decision to move from windows/iis to centos/apache as we had successfully got 2 moodle instances to talk on a centos box.
I migrated our instance over (we'll call that site A) and make a brand new instance to use as a public VLE (Site B)
I still ran into problems with this configuration and found that to fix it I had to take a look at the database table mdl_mnet_host and correct the url for entry id 1 which is your own moodle. We had to do this as we migrated our moodle from one url to another and the entry was wrong. This would also apply to people who install moodle on a test server to play around with then migrate to a production server I suppose.
The next problem we had the pulled up the you do not have permissions blah blah error was to do with our wwwroot and https. Even though we had set https only for login the site would stay in https for users after login. We are pretty sure this is because of something our ISA server is doing as we are running in masquerading mode behind a firewall. Even though I created the networking key whilst in https mode we would still get that error. I found that if you change the url manually to http all worked perfectly. Site A users could roam to Site B and I could enrol them from our instance remotely.
We decided to cut our losses and change the wwwroot to https and run in secure only mode. I regenerated the key in networking, deleted the partnerships and restablished them. Now everything is all sorted.... for us!
We have 2 other schools that need to roam to our public site as we are hosting a Virtual Reading group for our federation of schools. 1 schools moodle seems to connect fine and users can roam to our public VLE but they cannot enrol users remotely. When you try to you get the good old RPC message
enrol/mnet/available_courses:ERROR 7:couldn't connect to host
The other site the time is skewed so until their peeps sort this I cannot check roaming but we get the same error 7 message when enrolling remotely...
I'm hoping it is something to do with the what I described at the top with urls in the database but can't be certain
just for info though if you do need to do a find and replace in the database, for example after a url change, try the tool in the admin folder of your moodle. /admin/replace.php
works a treat but backup before ;) just in case
oh the joys!