Client can join a domain but GPOs (computer and user) do not work

I have a UCS domain server migrated from a windows 2003 domain.
Actually pc can join to domain, users can login, but GPOs are not working.
I can see the folders \domainserver\sysvol and netlogon.
On a pc joined to domain I run:
nltest /dclist:ewe.lan

and I get:

impossible to execute DSBind for ewe.lan (\ucs.pdc.ewe.lan).Status = 1753 0x6d9 EPT_S_NOT_REGISTERED
Error I_NetGetDCList: Status = 1231 0x4cf ERROR_NETWORK_UNREACHABLE

On UCS server I run diagnostics and I get:

Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/”, line 280, in execute
result = execute(umc_module, **kwargs)
File “/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/plugins/”, line 145, in run
drs = DRSUAPI()
File “/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/plugins/”, line 62, in init
drs_tuple = drs_utils.drsuapi_connect(self.server, self.load_param, self.credentials)
File “/usr/lib/python2.7/dist-packages/samba/”, line 63, in drsuapi_connect
raise drsException(“DRS connection to %s failed: %s” % (server, e))
drsException: drsException: DRS connection to ucs-pdc.ewe.lan failed: (3221226047, ‘No service is operating at the destination port of the transport on the remote system.’)