This for anyone else experiencing this problem:

This problem was not due to the firewall setting as initially stated.
The problem was resolved by manually entering the primary and secondary
DNS server IP addresses into each client.

There was something on the microsoft web site, saying that there were
too many hops between the clients and the DNS server, so DHCP could not
be used. This has resolved the problem, but I can see it becoming an
admin nightmare if I cant get DHCP to provide the DNS settings.

....May be it has something to do with the fact that a 515e PIX is
providing DHCP???


ozkan_aziz@hotmail.com wrote:
> I am in the process of deploying AD. I have 2 clients that work and I
> have reduced the problem down to the following:
>
> 1. when the firewall blocks all but ports 80 (web), 443 (ssl), 25
> (smtp) the clients will connect to the domain, but the group policy
> will not be applied to them. The clients are all Windows XP pro with
> SP2 and patches. I have one machine that the policy is applied to but
> that was previously on a test network where the firewall allowed all in
> and all out with all protocols.
>
> 2. One of the machine which did not apply the group policy, was given a
> static IP which allowed all in and all out. This machine was rebooted
> and when we logged into the domain the group policy was applied. I
> thought it may have something to do with NTP so I allowed UDP 123 (i
> think this is for NTP) out the firewall and still no luck.
>
> Any help in this area would be much appreciated.
>
> Thanks
>
> Oz
>
> Please free to reply or email: ozkan_aziz@hotmail.com