I have my server set up with 2008 now, pdc, dhcp, dns and I'm not getting any errorevents. On the server, I have internet access, but not on the client. I have one client on the subnet that's not part of the domain (it has Vista Home Premium) and it has internet access. On the domain client w/o access, I don't have any error events.I have the output on the client:C:>nslookupDNS request timed out. timout was 2 seconds.Default Server: UnKnownAddress: 192.168.1.1>C:>nslookup 127.0.0.1 192.168.1.1DNS request timed out. timout was 2 seconds.Default Server: UnKnownAddress: 192.168.1.1*** UnKnown can't find 127.0.0.1: No response from server.>The output of nslookup set all is the same on the client as it is on the server. Any ideas what could be wrong?Ed

With Active Directory all machines (including the DC itself) should point to the LAN IP of the DC for DNS.1. Set the DC to point to its own LAN IP for DNS, not the loopback address 127.0.0.12. Check that all client machines also use this IP for DNS.3. Modify your local DNS to forward to a public DNS service (such as the one at your ISP) so that it can resolve foreign URLs as well as AD resources. The non-domain machine is probably using some other machine for DNS. This is not compatible with AD. AD machines should use the local DNS server only.Bill

Thanks Bill,I'm not sure where its getting localhost from. I have the following settings for the server interface:192.168.1.1255.255.255.0192.168.1.254 (default gateway)192.168.1.1 (preferred dns server)This is the default install. I reinstalledthe osafterI reconfigured the server interface. There were too many references to that ip.Ed

I should have mentioned that 1 and 3 were already done. The client pc interfaces are set to get IP and DNS automatically.Ed

If your server is a DC and DNS server it should not have any other interfaces!Bill

It doesn't. It only has the one nic configured as I've already noted. The preferred dns is set toits own ip, not localhost. That's the reconfig I was talking about. I took out the second nic. To get additional ports, I connected the switch to the gateway. Everything else is connected to the switch. Then I reinstalled Server 2008. If I run ipconfig on the server it lists Server1 as the dns server. I looked at every record in the dns role and I can't find any reference to 127.0.0.1. I don't see why that's getting assigned to the client. I suppose Icould go to the client and manually config its interface dns, but I would like to figure out what's wrong.Thanks for your help so far.Ed

I discovered that the client firewall (Norton)was blocking udp 53. NSLOOKUP now works, but IE still doesn't. Norton firewall config had a page that supposedly listed the network the machine is joined to but it is blank. I'll have to check into that later.Ed

That was a dead end. I disabled Norton completely and still don't have internet access at the client.Ed

Update, all working now. I had an error event with w32tm. That was preventing the server from syncing to a reliable time source. I fixed it, but at the time of the last post, I still did not have internet access. The problem was that the profiles were created on the client at a time when kerberos was not granting complete authorization due to the time sync issue. After I recreated the local user profile, everything is fine.Ed