Exchange autodiscover and public IP disclose exchange server IP details

Kosala Randika Paranathala 66

Hi,

Our exchange server's local IP address will disclose through the autodiscover and public IP, someone do a scan for the exchange autodiscover and public IP then they will see the local IP of the exchange server, how do we mitigate this issue?

Currently, our Exchange servers are patched up to Exchange 2016 CU 22 (one behind the latest) + Latest SU (released in August).

Jame Xu-MSFT 4,166 Reputation points

2022-09-08T09:41:00.2+00:00

Hi @Kosala Randika Paranathala ,
I found a case similar to your question, which you could refer to:
https://social.technet.microsoft.com/Forums/en-US/5c1c04da-aabf-445f-914a-c41e08c5de5b/exchange-server-2016-discloses-internal-ip
If you want to test, make a backup in advance to prevent unnecessary losses due to accidents.
Jame Xu-MSFT 4,166 Reputation points

2022-09-13T02:57:08.183+00:00

Hi, I'm here to confirm with you if your issue has been resolved. If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

2 answers

Limitless Technology 43,931 Reputation points

2022-09-16T07:40:07.38+00:00

Hi KosalaRandika-9232,

You can try the following command to prevent this from happening:

appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:"DESIRED ALIAS" /commit:apphost

-------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Andy David - MVP 141.6K Reputation points MVP

2022-09-07T12:59:04.843+00:00

Can you require all users to use a VPN to access Exchange and block 443 externally?
Please sign in to rate this answer.
Kosala Randika Paranathala 66 Reputation points

2022-09-08T11:01:09.04+00:00

Hi Andy,

Since we have gaps in to use VPN for all users this will bit tuf to implement.
Sign in to comment