I've had an external security audit recently done and I'm having some trouble with one of the items they cited as a security concern. It is for an Exchange 2003 OWA server, here is what they wrote:
Content-location http header” errors divulged DMZ/internal IP address xxx.xxx.xxx.xxx for device with external address xxx.xxx.xxx.xxx. Auditor recommends configuring the web servers to not disclose specific information.
I looked this up and found this KB Article:
I already have all service packs applied so I entered the command as directed with the following variables:
cscript adsutil.vbs set w3svc/1/SetHostName exchange
This broke something in DNS and I couldn't load the page at all. Fortunately I had backed up the metabase right before so was able to do a full restore. Unfortunately none of the icons on the page would load which turned out to be an authentication problem but I was able to correct that.
Obviously making that change caused some kind of DNS problem but I'm not sure what variable I should replace "exchange" with in order to both fix the problem and allow OWA to continue operating. Any advice would be appreciated.