0XC019003E

STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION (0XC019003E) fix

Database Errors Intermediate 👁 1 views 📅 Jun 9, 2026

EFS encryption fails inside a transaction. The fix: move encryption outside the transaction, or use a different encryption method.

Quick answer

EFS (Encrypting File System) cannot encrypt a file that's currently in a transaction. Decrypt it first, or encrypt before the transaction starts. If you need encryption inside a transaction, use a different encryption API or tool (like BitLocker or AES-based file encryption).

What's actually happening here

Error STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION (0XC019003E) shows up when you try to call EncryptFile() or FileEncryptionStatus() on a file that's currently part of a NTFS Transaction (TxF). The Windows kernel flat-out refuses EFS operations on files with an active transaction handle. This isn't a bug — it's by design. Transactions are meant to be atomic and consistent. EFS encryption changes the file's metadata (the $EFS stream) and the actual ciphertext on disk. Mixing that with a pending transaction would break isolation guarantees: if the transaction rolls back, the encryption state would be inconsistent. The error code 0XC019003E is defined in ntstatus.h as STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION, and the decimal is 3221225534.

Real-world scenario: You're using a backup tool or a database that wraps file operations in a transaction (like SQL Server's VSS writer or a custom script using CreateFileTransacted). Then some other process — maybe a scheduled encryption job — tries to EFS-encrypt those files. Boom, you get 0XC019003E on the console or in the Event Log under Application or System.

Fix steps

  1. Identify which process holds the transaction. Use Process Monitor (procmon) from Sysinternals. Filter for CreateFile with a result of SUCCESS and path containing your file. Look for handles with Desired Access: Generic Write or Synchronize that are from a process like sqlservr.exe, VSSVC.exe, or a custom backup tool. The transaction handle is opened with FILE_FLAG_OPEN_REPARSE_POINT or via CreateFileTransacted. If you can't find it, check the Application event log for source Microsoft-Windows-TxF warnings.
  2. Close the transaction or wait for it to complete. If you control the process, commit or roll back the transaction. For SQL Server, you can run CHECKPOINT to flush and close open transactions on a database file. For a VSS snapshot, the transaction is temporary — wait a few seconds and retry. If the process is stuck, you might have to kill it (use taskkill /f /pid [PID] from an admin prompt). After that, retry encryption.
  3. Encrypt the file before the transaction starts. If you're writing code, call EncryptFile() first, then open the file in a transaction. The error only fires when there's an active transaction at the moment of encryption. So ordering matters.
  4. If you can't avoid transaction open, skip EFS and use an alternative encryption method. For example, use CryptEncrypt with AES-GCM to encrypt the file data yourself, leaving the file system's EFS out of it. Or use BitLocker at the volume level — BitLocker works transparently with transactions.

Alternative fixes if the main steps don't work

  • Disable TxF on the volume (extreme, not recommended). You can disable transaction support on a specific volume by setting the registry key HKLM\SYSTEM\CurrentControlSet\Services\FxCtl\Parameters\DisableTxF to 1 for that volume's GUID. This is a sledgehammer — it breaks any app that relies on TxF (including older versions of SQL Server and some backup tools). Only do this on a non-production machine.
  • Use a different encryption tool that doesn't rely on EFS. Tools like VeraCrypt or 7-Zip AES-256 encrypt at the file or container level, not the NTFS attribute level. They work fine inside transactions because they're just writing regular bytes.
  • Patch the application that opens the transaction. If you can modify the source code, ensure the app calls CloseHandle on the transaction handle before encryption. Or, open the file with FILE_FLAG_OPEN_NO_RECALL or FILE_FLAG_BACKUP_SEMANTICS — none of those bypass the EFS check, but it's worth testing.

Prevention tip

The cleanest fix is architectural: never mix EFS and TxF on the same file handle. In your code, encrypt files before opening them in a transaction, or after committing. If you need both, use a two-phase approach: encrypt the file, then snapshot or back it up inside the transaction. For databases, consider using Transparent Data Encryption (TDE) instead of EFS — TDE encrypts at the page level and plays nice with VSS and transaction logs. Also, set a global file watcher or a scheduled task that checks for transaction handles before running encryption jobs — fsutil transaction list can show active transactions on a volume.

Was this solution helpful?

0XC019003E STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION EFS encryption transaction error Windows EFS transaction NTFS transaction encryption 0xC019003E fix encrypt file inside transaction TxF encryption error EFS not allowed in transaction Windows 10 encryption error SQL server transaction encryption EFS transaction blocked