Network Address Translators (NATs) can block Netlogon traffic (172227)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Workstation 3.1
- Microsoft Windows NT Advanced Server 3.1
- Microsoft Windows NT Server 3.1
- Microsoft Windows NT Server 4.0
This article was previously published under Q172227 SYMPTOMS
When you have a Network Address Translator (NAT) that separates a Windows NT
domain controller from its domain members or other trusted domains,
Netlogon communication may fail. You will still be able to successfully
redirect a drive across the NAT, and browse across the NAT, but logon
attempts and trusts may fail. For example, when a client tries to log on to the domain across the NAT, the client may
receive an error message similar to the following:
A domain controller for your domain could not be contacted. You have
been logged on using cached account information. Changes to your
profile since you last logged on may not be available.
When you attempt to establish a trust relationship between domains, you
may receive an error message similar to the following:
Could not find domain controller for this domain.
Note The error messages and conditions may differ from the above, but it
will always be Netlogon communications that fail.
CAUSE
Your NAT is not translating the source IP address from the NetBIOS header
in your network traffic.
RESOLUTION
To successfully implement a Windows NT domain structure using a NAT, the
NAT will have to translate the addresses in NetBIOS datagram headers.
Please consult the vendor of your NAT for information on this issue.
REFERENCES
For more information on NATs, see RFC 1631.
For additional information about obtaining an RFC document, click the following article number to view the article in the Microsoft Knowledge Base:
185262
How to obtain Request for Comments documents from the Internet
Modification Type: | Major | Last Reviewed: | 5/3/2004 |
---|
Keywords: | kbinfo kbnetwork KB172227 |
---|
|