by butsch
20. June 2023 13:25
We just stumbeld again over the KILLBIT event 3028 warning on several Exchange Versions dated 06/2023.
It still does not sound good from the text and you would think that some third party plugin or som health check blocks the files.
Some say this is normal, some say you can safely ignore this. MS does not seem to know.
Event 3028, MSExchangeApplicationLogic |
Scenario: ProcessKillBit. Failed to read killbit list file because of exception System.IO.IOException: The process cannot access the file 'D:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\prem\15.0.1497.48\ext\killbit\killbit.xml' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Microsoft.Exchange.Data.ApplicationLogic.Extension.KillBitHelper.TryReadKillBitFile(Int32& refreshRate, DateTime& lastModifiedTime) |
https://www.experts-exchange.com/questions/29105291/Exchange-2016-Event-3028-Killbit-Error-over-and-Over.html
https://social.microsoft.com/Forums/mvpforum/it-IT/93d55539-e3fc-4c3f-b479-673ac7810834/exchange-2016-event-id-3028-killbitxml
|
On this machine we found following versions of the file. Deletion of the FILE and then IISRESET or Recycle APP Pools does not solve it.
Solution: NONE, just wait and do not handle on SIEM J