This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 41%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Hi, can tcp port 10123 be disabled in site properties without causing some issues? I have vulnerability reported by Rapid7 saying self-signed certificate being used for communication on tcp port 10123 and I am struggling to remediate this.
If port should not be disabled any idea how to remediate this vulnerability? Thank you in advance.
You can't specifically disable it no, but if the port is not open, clients will fallback to 80 or 443 for client notification. This will cause an increased load on the MP(s) though.
I would seek an exception here though because in this case, although the cert is self-signed, it is created and controlled by ConfigMgr and not just a randomly generated cert.
If InfoSec reject my request how can I replace that certificate with one issued by CA?
You cannot. As noted, the most you can do is allow the port to be blocked and the clients will fallback to 80 or 443.
What about unchecking port 10123 in site properties (client communication)? That would block it?
I've honestly never thought about doing that and don't know the full ramifications of doing so. You can certainly try though and validate that client notification is still working. The client notification logs will show you the ports being used.