The services account that runs the QVWS doesn't need to be a member of a particular domain, any local admin account (QV Admin too of course) with logon-as-service rights will do. So...after you added the LDAP strings, were you able to browse the users in the QEMC or not? If not, then the problem is with the connection string and/or user account itself. If you were, then yeah, it's a domain structure issue.
An important thing to keep in mind is what domain the QVS itself belongs to. If it's a member of Domain A, then the default login domain is A.mycompany.com. If you don't specify the LDAP string properly, then it will attempt to authenticate domain B as A.mycompany.com\B.mycompany.com\user, which of course won't work. That's why Fully Distinguished format is preferable--you would want to specify your full LDAP structure in each string.
Can you be more specific as to what doesn't work? Is it presenting you with a login prompt? Is authentication failing following the prompt? Assuming you get a login promt, what is the format of the username you are entering?
Try adding the AccessPoint to the client's Intranet and/or Trusted Sites IE zone.
Well, no, this isn't a port issue. What format are you inputting the username? And, most importantly, in what format did you specify the LDAP string in the DSC? I find that Fully Distinguished format works best. For example, if domain A is northamerica.mycompany.com and domain B is europe.mycompany.com, you would put the strings in the following format: LDAP://DC=northamerica,DC=mycompany,DC=com and LDAP://DC=europe,DC=mycompany,DC=com.