3CX Modifies Windows Hosts File

Mark Berry August 4, 2016

A Windows Server 2012R2 Essentials machine was returning strange results when I did a DNS query from PowerShell. I traced it back to modifications that 3CX version 14 had made to the Windows hosts file.


One standard setup for Essentials is to have a “remote.mydomain.com” address registered with a public DNS server. That address is used for remote access to the Essentials machine and as an RDP gateway.

The Issue

In a PowerShell script, I needed to to check the current public IP of the Essentials server. Normally this line returns the first public IP address:


But this kept returning the localhost address

nslookup remote.mydomain.com worked fine, so DNS was not the problem. So why is the .Net DNS class returning


I discovered a new cmdlet in PowerShell v4 (Server 2012) called Resolve-DnsName.

Resolve-DnsName –name remote.mydomain.com

also returned Even when I explicitly specified Google’s DNS server:

Resolve-DnsName –name remote.mydomain.com –server

I kept getting How is that possible? Google’s DNS can’t be returning Wait, here’s an interesting parameter:  “-DnsOnly resolves a name using only DNS. LLMNR and NetBIOS queries are not issued.”

Resolve-DnsName –name remote.mydomain.com –DnsOnly

Success! This returns the public IP address. But I still don’t know where the is coming form. Okay, here’s another parameter:  “-NoHostsFile skips the hosts file when resolving this query.”

Resolve-DnsName –name remote.mydomain.com –NoHostsFile

Sure enough, this also returns the public IP. So must be coming from the hosts file.


When I opened C:\Windows\System32\drivers\etc\hosts, I found two entries apparently put there by the 3CX installer: remote.mydomain.com 3cx.mydomain.local

Interestingly, I had already uninstalled 3CX, but that did not remove these entries.


I backed up the hosts file and replaced it with one that did not have the extra pointers to The .Net DNS command was once again able to retrieve the public IP of the server.

I assume that 3CX puts these entries in the hosts file so that you can access its web interface with the public FQDN even when logged on to the machine where 3CX is installed. Fair enough. I would prefer to set that in DNS rather than in the hard-to-find hosts file, as 3CX documents here, but that is more complex because it would require manual intervention. Nonetheless, the user should be notified of the change to the hosts file, since it can unexpectedly impact other activities on the same machine, and the entries should be removed when 3CX is uninstalled.

Leave a Reply