SYMPTOMS
When you try to log on to a domain from a computer that is running Microsoft Windows NT 4.0, Microsoft Windows 95, or Microsoft Windows 98, and is located behind a Windows 2000-based server that is performing network address translation (NAT) or Internet connection sharing (ICS), you receive the following error message:
A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes to your profile since you last logged on may not be available.
Additionally, you cannot establish a trust relationship between domains if one of the domain controllers is located behind a NAT server. However, you can map network drives by using the
net use command from a client behind the NAT server. This works because the NetBIOS header contains the client name (not the client IP address).
Note that the error messages or conditions may differ from those described in this article, but it is always Netlogon communications that do not work.
If you are using a Windows 2000-based client behind a NAT server and you are using Windows 2000-based domain controllers, you can log on to the domain because Windows 2000 does not use Netlogon for domain logons.