0X80310028

BitLocker 0x80310028: "Not OS Volume" on Non-Boot Drive

Hardware – Hard Drives Intermediate 👁 0 views 📅 May 26, 2026

This error hits when you try to turn on BitLocker on a data drive that's not the C: drive, or when the drive doesn't have the right partition layout.

When You'll See This Error

You're sitting at a Windows 10 or Windows 11 machine — maybe a Dell OptiPlex 7080 or a custom build you just threw together with a second SSD. You right-click that shiny new D: drive in File Explorer, click "Turn on BitLocker," and instead of a wizard you get a pop-up with: "The volume specified is not the boot OS volume." The error code is 0X80310028.

This is the kind of thing that makes you want to throw the keyboard. You're not trying to encrypt the OS drive — you know that. You're encrypting a data drive. And still, Windows is acting like you're doing something stupid. But you're not stupid. The machine just isn't set up right for BitLocker to work on non-OS drives.

Root Cause in Plain English

BitLocker on a data drive (any drive that isn't the C: drive) still needs an active system partition to store the encryption keys and boot-time validation data. Normally, Windows creates this small (100-500 MB) partition during installation. If that partition is missing, damaged, or not marked as active, BitLocker refuses to touch any other drive — even a plain data drive. The error code 0x80310028 is Windows saying, "I can't find the system partition I need to manage encryption on this other volume."

On some systems, the system partition exists but doesn't have a drive letter — or its type is wrong (like TYPE=07 instead of TYPE=27 for an EFI system partition). The 0X80310028 error is a catch-all for "the boot OS volume isn't properly set up to support BitLocker on other volumes."

The Fix — Step by Step

Step 1: Confirm the Volume Isn't Already the OS Volume

Open an elevated Command Prompt: hit Windows + X, select "Windows Terminal (Admin)" or "Command Prompt (Admin)." Then run:

manage-bde -status

Look at the list. If the drive showing the error is not listed as "Operating System Volume" (should say "Data Volume" or similar), you're in the right place. If it is showing as OS volume, you've accidentally tried to encrypt C: — but that's a different error code usually. Move on.

Step 2: Check for an Active System Partition

Still in the admin prompt, type:

diskpart
list disk
select disk 0
list partition

You're looking for a partition labeled "System" or "EFI System Partition" that's around 100 MB to 500 MB. If you see one, note its type. If you don't see one, that's your problem. Exit diskpart with exit.

Step 3: If the System Partition Is Missing, Create It

This sounds scary, but it's doable if you're careful. Back up your data first. I can't say that loud enough. If you're on a UEFI system (most modern PCs), you need an EFI system partition (ESP). Here's how to add one without wiping the drive:

  1. Shrink your main OS partition by 500 MB. In Disk Management, right-click the C: partition and select "Shrink Volume." Enter 500 for MB. You'll get unallocated space.
  2. Open Command Prompt as admin again.
  3. Run diskpart.
  4. select disk 0
  5. create partition efi size=100 — this creates the small EFI partition.
  6. format quick fs=fat32 label="System"
  7. assign letter=S — give it a temp letter so we can see it.
  8. exit

After that, you need to tell Windows to use it. Run:

bcdboot C:\Windows /s S: /f UEFI

Remove the drive letter later with diskpartselect partition Sremove. But first, test.

Step 4: Try BitLocker Again

Now go back to your D: drive (or whatever data volume). Right-click, "Turn on BitLocker." If the wizard starts, you're golden. If the error comes back, don't panic — there's one more thing.

Step 5: Force Enable BitLocker with manage-bde

Sometimes the GUI is picky. Use the command line tool. For your D: drive, run:

manage-bde -on D:

It'll ask for an encryption method and password or smart card. If it throws 0X80310028 again, the problem is the active system partition still isn't marked active, or the BCD store is corrupted.

Step 6: Repair the BCD Store

Boot from a Windows installation USB. On the setup screen, click "Repair your computer" → "Troubleshoot" → "Command Prompt." Then:

bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd

Reboot, log into Windows, and try manage-bde again. This fixes most lingering BCD issues that cause the error.

What to Check If It Still Fails

If you've gone through all that and the error persists, check these three things:

  • Is BitLocker even supported on your edition? Windows 10/11 Home doesn't include BitLocker for data drives. You'd see a different message, but verify with winver. You need Pro, Enterprise, or Education.
  • Is the drive an MBR disk instead of GPT? BitLocker on non-OS volumes needs GPT on UEFI systems. Convert MBR to GPT using mbr2gpt.exe /convert (safe on modern Windows 10/11).
  • Third-party encryption or RAID controllers? Some hardware RAID cards don't expose drives correctly to BitLocker. If you're using a RAID 0 array as a data volume, BitLocker may refuse to encrypt it. That's a hardware limitation, not a software bug.

That covers just about every case of 0x80310028 I've seen in a decade of help desk work. It's almost always the missing system partition or a busted BCD. Fix those, and you'll be encrypting drives like a pro.

Was this solution helpful?

BitLocker error 0x80310028 FVE_E_NOT_OS_VOLUME BitLocker not boot volume BitLocker data drive fix enable BitLocker data drive BitLocker system partition missing BitLocker error code 0x80310028 fix BitLocker error not OS volume BitLocker startup issue Windows 10 BitLocker error Windows 11 BitLocker error BitLocker drive encryption failed manage-bde fix BitLocker volume not OS