Exchange 2013, 2016, 2019, Event 3028, KILLBIT error, you can safely ignore since 2014

by butsch 20. June 2023 13:25

We just stumbeld again over the KILLBIT event 3028 warning on several Exchange Versions dated 06/2023.

It still does not sound good from the text and you would think that some third party plugin or som health check blocks the files.

Some say this is normal, some say you can safely ignore this. MS does not seem to know.

Event 3028, MSExchangeApplicationLogic

Scenario: ProcessKillBit. Failed to read killbit list file because of exception System.IO.IOException: The process cannot access the file 'D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.1497.48\ext\killbit\killbit.xml' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime)


On this machine we found following versions of the file. Deletion of the FILE and then IISRESET or Recycle APP Pools does not solve it.


Solution: NONE, just wait and do not handle on SIEM J





Exchange 2019 | Exchange 2016 | M365/AZURE

Comments are closed

Werbung von Drittfirmen (Nicht Butsch Informatik):

Werbung von Drittfirmen via Google Adsense: