dericktrucks
 asked on

Windows DHCP Server and pfSense Relay

I am trying to set up Windows Server with DHCP and VLANs. I have my scopes set up on my DHCP server and am using a pfSense DHCP relay. I am able to get the IP address for the corresponding VLAN; however, it keeps saying "eth0 doesn't have a valid ip configuration". This only happens when it's not my core VLAN. On the core VLAN I get an IP address and am able to get to the internet, but on any other VLAN I am not able to. Has anyone had this issue?

Windows OS, DHCP, PFSense


8/22/2022 - Mon
Craig Beck

how ever it keeps saying "eth0 doesn't have a valid ip configuration"
What keeps saying that?
dericktrucks

ASKER
The network card on the client's computer.
Craig Beck

Ok, on the DHCP server you only have one IP address, yes? That should be on the core VLAN and using default gateway pointing at pfSense.

Can you post a screenshot of the following from pfSense please?...

  1. An interface for one of the VLANs
  2. DHCP Relay config for one of the VLAN interfaces

dericktrucks

ASKER
Yes, on the server I only have one IP address, and it's on the core VLAN (192.168.5.6), and the GW is pfSense, 192.168.5.3.
Craig Beck

Thanks.

If you give a client on VLAN3 a static IP, can it ping pfSense if you add an ICMP allow rule?
dericktrucks

ASKER
I have a feeling I have a wrong setting: for the scope setting, the router is supposed to be pointed to the VLAN interface, correct?

I am able to ping the VLAN interface on pfSense (192.168.30.3).
David Johnson, CD

how is your network setup?

internet <> pfsense - eth0 <wan>
                    pfsense - eth1 - vlan1 - Server - AD/DNS/DHCP
                    pfsense - eth2 - Switch - to rest of network
dericktrucks

ASKER
internet <> pfsense - eth0 <wan>
                    pfsense - eth1 - vlan1 (core) - Server - AD/DNS/DHCP
                    pfsense - eth2 - Vlan3 - Switch - to rest of network  
LAN and VLAN 3 are connected to the switch, and all ports are tagged for core and VLAN 3.
Craig Beck

It looks like you have the scopes configured correctly.

Untick the "Append Circuit ID" box on the relay and see what happens.
dericktrucks

ASKER
OK, so I had the VLAN 3 scope router pointing to 192.168.5.3, which I switched to 192.168.30.3. Now I'm getting "The DNS server isn't responding". The DNS is pointed to pfSense, 192.168.5.3. (When I pointed the DNS to the server (192.168.5.6), I couldn't get out to the internet because it's not using its own ISP connection, and there's a firewall I don't have access to which was blocking me from getting out to the internet until I pointed it to my pfSense router.)
dericktrucks

ASKER
It looks like you have the scopes configured correctly.

Untick the "Append Circuit ID" box on the relay and see what happens.


I did this and nothing would happen.
ASKER CERTIFIED SOLUTION
Craig Beck

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
dericktrucks

ASKER
That worked!
Now for the next part: I'm having a bit of trouble understanding what rules to use/set.
I need vlan 3 to be able to access my core vlan which has AD, printers, file storage.
Craig Beck

You need to understand what ports/protocols your clients use to reach the devices in your core VLAN. You can do this by creating a deny all rule on the VLAN3 interface. Enable logging on this rule then try to access resources. Review the logs to see what was attempted, then you can use the EasyRule feature to add particular log entries as rules.
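
Added example (not part of the thread, and not pfSense's own tooling): once the logging deny-all rule described above is in place on VLAN3, a short Python script can tally what it blocked, so each candidate allow rule is reviewed on evidence before it is created. It assumes the raw filterlog CSV field order for IPv4 entries, a VLAN 3 interface named igb1.3, and constructed client addresses in 192.168.30.x.

```python
import re
from collections import Counter

# Constructed sample in pfSense's raw filterlog CSV layout (IPv4 entries).
# Interface igb1.3 and the 192.168.30.x clients are assumptions for this demo.
P = "Aug 22 10:15:0%d pfSense filterlog[4242]: "
SAMPLE_LOG = "\n".join([
    P % 1 + "5,,,1000000103,igb1.3,match,block,in,4,0x0,,128,1001,0,DF,6,tcp,52,192.168.30.50,192.168.5.6,51234,445,0,S,111,,64240,,mss",
    P % 2 + "5,,,1000000103,igb1.3,match,block,in,4,0x0,,128,1002,0,DF,6,tcp,52,192.168.30.51,192.168.5.6,49822,445,0,S,112,,64240,,mss",
    P % 3 + "5,,,1000000103,igb1.3,match,block,in,4,0x0,,128,1003,0,none,17,udp,73,192.168.30.50,192.168.5.6,53011,53,53",
    P % 4 + "5,,,1000000103,igb1.3,match,block,in,4,0x0,,128,1004,0,DF,6,tcp,52,192.168.30.50,192.168.5.6,51240,88,0,S,113,,64240,,mss",
    P % 5 + "5,,,1000000103,igb1.3,match,block,in,4,0x0,,128,1005,0,none,1,icmp,60,192.168.30.51,192.168.5.3,request,1,7",
    P % 6 + "7,,,1000000201,igb1,match,pass,out,4,0x0,,64,1006,0,DF,6,tcp,52,192.168.5.6,192.168.5.3,50000,443,0,S,114,,64240,,mss",
])

def blocked_flows(log_text, interface):
    """Count blocked inbound IPv4 flows on `interface` as (proto, dst, dport)."""
    flows = Counter()
    for line in log_text.splitlines():
        m = re.search(r"filterlog\[\d+\]: (.*)$", line)
        if not m:
            continue
        f = m.group(1).split(",")
        if len(f) < 20 or f[8] != "4":
            continue  # this example handles IPv4 entries only
        iface, action, direction, proto = f[4], f[6], f[7], f[16]
        if (iface, action, direction) != (interface, "block", "in"):
            continue
        # Only TCP and UDP entries carry ports (fields 20 and 21).
        dport = int(f[21]) if proto in ("tcp", "udp") and len(f) > 21 else None
        flows[(proto, f[19], dport)] += 1
    return flows

def summarise(flows):
    """Most frequently blocked destinations first, as review-ready strings."""
    rows = sorted(flows.items(),
                  key=lambda kv: (-kv[1], kv[0][0], kv[0][1], kv[0][2] or 0))
    return ["%dx %s -> %s%s" % (n, proto, dst,
                                ":%d" % port if port is not None else "")
            for (proto, dst, port), n in rows]

if __name__ == "__main__":
    for row in summarise(blocked_flows(SAMPLE_LOG, "igb1.3")):
        print(row)
```

Each line of the summary is a destination and port to justify before turning it into a pass rule; anything that cannot be tied to AD, printing or file storage stays blocked.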