Ahhh. because you have the wrong type of "domain" rule specified.
The "Directory request only override" rule is only used for performing *LDAP* queries against the Domain Controller (i.e. enumerating the domain tree).
To authenticate with a domain-member computer, you must use the "Domain or Workgroup" rule or the "Organizational Unit" rule... the first two listed on the Add Rule menu.