can you send a screenshot of the domain join page?
What kind of authentication are you doing (I'm not asking about NTLM)? Is there a reason you have NTLMv2 disabled?
See this document for what I'm asking (direct proxy or authentication server)
If you are using the auth server, do you have the auth server URL trusted in the browsers (this is covered in the guide)?