Skip navigation

JSI Tip 1233. Logon fails across a NAT?

If you have a NAT (Network Address Translator) seperating your domain controller from your clients, logon may fail with a message similar to:

   A domain controller for your domain could not be contacted. You have been
   logged on using cached account information. Changes to your profile since you
   last logged on may not be available.

   Could not find domain controller for this domain.
NOTE: You may still be able to map drives.

This is caused by your NAT not translating the source IP address from the NetBIOS header.

NetBIOS headers that contain an Owner IP address that may require translation are:

NetBIOS Name Management

 - Name Registration/Refresh/Release Request
 - Name Registration/Refresh/Release Response
 - Positive Name Query Response
NetBIOS Datagram
 - Datagram Service Header
 - Directed and Broadcast Datagrams
 - Datagram Error Packets
NetBIOS datagrams are used for:
 - Locating a logon server
 - Sending a logon request
 - Performing domain synchronization
 - Browser host name announcements
 - Browser workgroup/domain announcements
 - NetBIOS Master Browser Existence and Election Packets
 - NET SEND /d: "Message"

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.