ICMP Destination Unreachable, Code:3 SBS 2008

Posted on 2011-10-28
Last Modified: 2012-05-12
I have an SBS2008 Server (DC), and a Standard Windows Server 2008 (BDC) on my network with a SonicWall TZ210 acting as the gateway to the outside internet.  Both DCs are on the same subnet.

I am having problems getting my SBS2008 (Dell PowerEdge T610) to answer DNS requests OUTSIDE our network.  The server cannot access anything on the internet UNLESS I put my Backup DC in the NIC's alternate DNS field for the server.  If I allow my BDC to act as a secondary DNS on my PDC, I can send/receive email, etc and browse the internet on the PDC.  When I remove it, I cannot access the internet on my PDC (SBS).

Interesting note...when I remove the Backup DNS on my PDC, I *can* search Google, but when I try to click a search result (a site not in the cache), the connection fails.

On the sonicwall, I went to the log and set my destination IP to the same as my SBS.  From the SBS, I tried to ping  I get several logs in the Sonicwall - "ICMP Destination Unreachable, Code:3".

Try the same thing on my BDC, it answers fine, don't get any errors logged in the sonicwall.

I have run the Internet Connection's telling me that it can't get outside my router/firewall.  One of the last steps in the wizard is to "test", and it returns that it can't connect to the internet (although I can at that time by going to a web browser).

The ethernet adapter on the Dell SBS is a Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client).   I can nslookup successfully any computer internally on the same subnet as the SBS, but nothing outside.

It appears that this is a problem on my BDC, but I can't figure out how to fix it.

Question by:chrisrbloom

    Expert Comment

    Sounds like DNS is not correct on the SBS or is not installed.

    Author Comment

    DNS is definitely installed on the SBS...however when I do a recursive query it fails.  A simple query passes.  This SBS has been in service for about 8 months without many problems...this just started this week.

    Accepted Solution

    The problem ended up being a NAT rule on the firewall.  

    I have a Sonicwall TZ210 and I needed to add the DNS service to a NAT rule.

    Author Closing Comment

    The solution was in an entirely different area than I was looking.  It had nothing to do with SBS, rather the firewall was the block.  It was NOT a problem with my DNS.
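
Added example, not part of the original thread: the "Code:3" in the SonicWall log is ICMP type 3, code 3 (port unreachable), and such a message carries the IP header plus the first 8 bytes of the datagram that was refused, so decoding it shows which flow was rejected. The addresses, ports and sample bytes below are constructed for illustration, and the function and field names are this example's own.

```python
import socket
import struct

# ICMP type 3 (Destination Unreachable) codes, subset of RFC 792 / RFC 1122
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed",
         13: "administratively prohibited"}
PROTOS = {6: "tcp", 17: "udp"}

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable message, starting at the ICMP header."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("need ICMP header + inner IPv4 header + 8 payload bytes")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp_type})")
    inner = icmp[8:]                      # copy of the datagram that was refused
    if inner[0] >> 4 != 4:
        raise ValueError("embedded datagram is not IPv4")
    ihl = (inner[0] & 0x0F) * 4           # inner header length in bytes
    if ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded IPv4 header is truncated")
    proto = inner[9]
    out = {"code": code, "reason": CODES.get(code, "other"),
           "protocol": PROTOS.get(proto, str(proto)),
           "src": socket.inet_ntoa(inner[12:16]),
           "dst": socket.inet_ntoa(inner[16:20])}
    if proto in PROTOS:                   # ports are the first 4 bytes of TCP/UDP
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        out.update(src_port=sport, dst_port=dport, dns_flow=53 in (sport, dport))
    return out

def build_sample() -> bytes:
    """Constructed sample: a refused UDP query from 192.0.2.10:53001 to 198.51.100.53:53."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, 17, 0,
                           socket.inet_aton("192.0.2.10"),
                           socket.inet_aton("198.51.100.53"))
    inner_udp = struct.pack("!HHHH", 53001, 53, 40, 0)
    icmp_hdr = struct.pack("!BBHI", 3, 3, 0, 0)   # checksum left 0, not verified here
    return icmp_hdr + inner_ip + inner_udp

SAMPLE = build_sample()

if __name__ == "__main__":
    print(parse_unreachable(SAMPLE))
```

When the decoded flow shows port 53 on either side, the firewall's NAT and access rules for the DNS service are the place to look, which is where the accepted solution ended up.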
