Hi there.
Because of our Sophos UTM, I couldn't join a workstation on 10.0.1.x to the domain on 10.0.0.x.
My NS IP is 10.0.0.200; the former working LDAP server was 10.0.0.2.
I created a policy allowing ports 389 (ldap) and 445 (microsoft-ds) from 10.0.1.x to 10.0.0.200.
netstat -a | grep mydom
myserver.mydom:microsoft-ds
myserver.mydom.lan:ldap
cat /etc/services | grep microsoft
microsoft-ds 445/tcp
microsoft-ds 445/udp
cat /etc/services | grep ldap
ldap 389/tcp
ldap 389/udp
Now the workstation joins the domain.
The workstation was patched with the registry key mentioned by @Nas.
I have also modified c:\windows\system32\drivers\etc\hosts with:
10.0.0.200 mydom.lan myserver.mydom.lan
Thank you all.
Cheers.