Just to update you guys, disabling firewall in the policy is indeed working, I can see that in all of the clients are grayed out and no checkmark on it.
However, we are still getting event 8003 & 5719 from some of our workstations.
Usually when this happens, one of the desktop is trying to broadcast that his the master browser, causing the other desktop to believe it, by the time a user will login, they will get "The system cannot log you on now because the domain <DomainName> is not available"
This came out after the upgrade.