diff --git a/services/provider/server/server.go b/services/provider/server/server.go
index 0fadeafad6..a35062cccc 100644
--- a/services/provider/server/server.go
+++ b/services/provider/server/server.go
@@ -1067,6 +1067,13 @@ func isEncryptionInTransitEnabled(networkSpec *rookCephv1.NetworkSpec) bool {
 
 func extractMonitorIps(data string) ([]string, error) {
 	var ips []string
+	const (
+		// msgr2port is the listening port of the messenger v2 protocol
+		msgr2port = "3300"
+		// msgr1port is the listening port of the messenger v1 protocol
+		msgr1port = "6789"
+	)
+
 	mons := strings.Split(data, ",")
 	for _, mon := range mons {
 		parts := strings.Split(mon, "=")
@@ -1077,6 +1084,16 @@ func extractMonitorIps(data string) ([]string, error) {
 	}
 	// sorting here removes any positional change which reduces spurious reconciles
 	slices.Sort(ips)
+
+	// Rook does not update the rook-ceph-mon-endpoint ConfigMap until mons failover
+	// Starting from 4.18, RequireMsgr2 is always enabled, and encryption in transit is allowed on existing clusters.
+	// So, we need to replace the msgr1 port with msgr2 port.
+	for i, ip := range ips {
+		if strings.HasSuffix(ip, msgr1port) {
+			ips[i] = strings.TrimSuffix(ip, msgr1port) + msgr2port
+		}
+	}
+
 	return ips, nil
 }