0XC0210023

BitLocker 0XC0210023: RAW access blocked and how to fix it

Cybersecurity & Malware Intermediate 👁 1 views 📅 May 28, 2026

BitLocker can't enter RAW access mode because something locked the volume—usually Windows updates, disk encryption tools, or a corrupted TPM. Here's how to unstick it.

1. A pending Windows update or reboot is locking the volume

What's actually happening here is that Windows Update often leaves the system volume in a transitional state. BitLocker's fveapi.dll can't get exclusive RAW access because the filesystem is flagged as "dirty" (you'll see this in fsutil dirty query C:) or a reboot is pending. The error code 0XC0210023 means the driver refused to enter a mode that bypasses the filesystem—it's not an encryption failure, it's a permissions problem at the driver level.

I see this most often after a feature update (like 22H2 to 23H2) or a cumulative update that didn't finish. The fix is embarrassingly simple:

  1. Open Command Prompt as Administrator.
  2. Run chkdsk /f C: and press Y when it asks if you want to schedule it.
  3. Reboot—let chkdsk run on boot.
  4. After the automatic repair, run manage-bde -status C: to confirm the volume is back to normal.

The reason step 3 works is that chkdsk clears the dirty bit and fixes any minor filesystem inconsistencies. Once the volume is clean, BitLocker can acquire RAW access without contention. If that doesn't do it, check the Application event log for Event ID 1001 from Winlogon—that's a dead giveaway a restart is pending.

2. Third-party disk encryption or disk utilities are clashing

This one catches people off guard because they don't think about it until after the error pops up. Tools like VeraCrypt, Symantec Endpoint Encryption, or even older versions of Acronis Disk Director hook into the same storage stack as BitLocker. When two drivers request exclusive RAW access, the second one (usually BitLocker) gets blocked with 0XC0210023.

The scenario: You had VeraCrypt encrypting a secondary drive, then enabled BitLocker on the system drive. Next reboot: error. Or you installed a third-party backup tool that uses volume snapshots (like Macrium Reflect) and it didn't release the volume filter driver.

Fix:

  1. Temporarily disable or uninstall the third-party software. Don't just stop the service—uninstall it. Some drivers stay loaded until removal.
  2. Reboot. Then try your BitLocker operation again.
  3. If you absolutely need both tools (rare, but happens), you'll need to configure them to use different volumes. For example, let VeraCrypt handle only non-system drives while BitLocker protects the system volume.

Pro tip: Check fltmc in an admin command prompt. That lists all loaded filter drivers. If you see something like veracrypt or symevent in the list, that's your culprit.

3. Corrupted TPM or TPM driver mismatch

Less common, but when it happens, it's nasty. BitLocker relies on the TPM to hold the volume master key. If the TPM driver (tpm.sys) is outdated or the TPM firmware itself is corrupt, the fvevol.sys driver can't negotiate the RAW access handshake. You'll see the error along with TPM-related Event IDs (like 15 or 43) in the System log.

This typically follows a BIOS update, a TPM firmware update that went sideways, or a motherboard replacement (yes, people swap boards and wonder why BitLocker breaks).

Fix:

  1. First, back up your BitLocker recovery key. Go to aka.ms/myrecoverykey or run manage-bde -protectors -get C:.
  2. Clear the TPM from the UEFI/BIOS (Security > TPM > Clear). Reboot and let Windows reinitialize it.
  3. Update the TPM driver from your motherboard vendor's site—don't rely on Windows Update for this. For AMD systems, check the chipset driver package; for Intel, the Management Engine driver.
  4. Suspend and resume BitLocker: manage-bde -protectors -disable C: then reboot, then manage-bde -protectors -enable C:.

Suspending is not the same as decrypting. It just tells BitLocker to use a clear key temporarily. The volume stays encrypted. The re-enable step forces BitLocker to renegotiate with the TPM, and if the driver is fixed, that clears the RAW access block.

Quick-reference summary

Cause Symptom Fix
Pending update/reboot Error 0XC0210023 after Windows Update, chkdsk shows dirty bit Run chkdsk /f and reboot
Third-party encryption/utility Error after installing VeraCrypt, Symantec, or Macrium Reflect Uninstall conflicting software, check fltmc
Corrupt TPM/driver Error after BIOS update or hardware swap, plus TPM Event ID 15/43 Clear TPM in BIOS, update TPM driver, suspend/resume BitLocker

One last thing—if you're in the middle of a BitLocker operation (like encrypting or decrypting) when the error hits, don't panic. The volume is still protected. The error just means the operation stalled. Any of these fixes will get it moving again without data loss.

Was this solution helpful?

BitLocker 0XC0210023 STATUS_FVE_RAW_BLOCKED BitLocker RAW access blocked 0xc0210023 fix BitLocker error Windows 11 BitLocker error Windows 10 BitLocker repair tool manage-bde fix disable BitLocker temporarily TPM issue BitLocker third-party encryption conflict BitLocker chkdsk BitLocker volume BitLocker recovery key