WINDOWS · 0x80310024 FVE_E_OVERLAPPED_UPDATE

How to fix Windows error 0x80310024: Overlapped update

By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-25

Windows error 0x80310024 (FVE_E_OVERLAPPED_UPDATE) is a HRESULT returned by the BitLocker Drive Encryption (fvevol.sys). The official meaning is: The control block for the encrypted volume was updated by another thread. Try again. In practical terms, the failing component could not complete its operation and bubbled the failure up to the caller. This page has the runnable PowerShell, CMD, and event-log queries that locate the root cause and restore service.

⚡ At a glance
Error code0x80310024
Symbolic nameFVE_E_OVERLAPPED_UPDATE
Code classHRESULT
PlatformWindows
SubsystemBitLocker Drive Encryption (fvevol.sys)
Official messageThe control block for the encrypted volume was updated by another thread. Try again.
SourceMicrosoft MS-ERREF (HRESULT)

What is 0x80310024?

Real-world context. Cost envelope: ~Rs 0 INR (configuration fix in most cases). Time at the keyboard: ~10 to 30 minutes triage. Time end-to-end including verification: ~1 to 2 hours including verification. Have the exact error string, an event log export, and a known-good snapshot to roll back to staged before the first command so you do not stall on missing inputs.

0x80310024 is a HRESULT value defined in Microsoft's MS-ERREF specification. It is owned by the bitlocker full volume encryption layer of Windows. The verbatim message Microsoft assigns to this code is: "The control block for the encrypted volume was updated by another thread. Try again." In day-to-day terms that means a call into the BitLocker Drive Encryption (fvevol.sys) returned without completing its work, and either the caller or an event-log entry surfaces this code so an administrator can act on it.

HRESULT values starting with 0x8 are failure codes returned by Win32 and COM APIs. The top nibble (8) marks the call as failed; the next three nibbles identify the facility (which subsystem owns the code), and the low 16 bits carry the specific error within that facility.

When does 0x80310024 appear?

These are the patterns that trigger 0x80310024 most often in production:

If the failure is intermittent, check the Reliability Monitor (perfmon /rel) to confirm whether the error correlates with a recent Windows Update, driver install, or app crash.

How to fix 0x80310024

Start with the detection block so you know which process and which call site produced 0x80310024. Then apply the subsystem-specific repair. Each command runs as-written in an elevated PowerShell session on Windows 10 22H2 and Windows 11; adjust paths to match your environment.

Detect where 0x80310024 is firing (PowerShell, run as administrator)

# 1. Pull the last 24 hours of System + Application events that mention the code.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName='System';      StartTime=$since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x80310024' -or $_.Message -match 'FVE_E_OVERLAPPED_UPDATE' } |
    Select-Object TimeCreated, ProviderName, Id, Message | Format-List

Get-WinEvent -FilterHashtable @{ LogName='Application'; StartTime=$since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x80310024' -or $_.Message -match 'FVE_E_OVERLAPPED_UPDATE' } |
    Select-Object TimeCreated, ProviderName, Id, Message | Format-List

# 2. Snapshot which process is generating the failure, if it shows up live.
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 Id, ProcessName, CPU, WS

BitLocker repair (PowerShell, run as administrator)

# 1. Confirm encryption state and which protectors are attached.
manage-bde -status C:
Get-BitLockerVolume | Format-List

# 2. Repair a damaged volume header using the recovery key.
repair-bde C: D:\BitLockerRepair -rp <48-digit-recovery-key>

# 3. Re-attach a TPM protector if it was lost.
Add-BitLockerKeyProtector -MountPoint "C:" -TpmProtector
manage-bde -protectors -get C:

Reset BitLocker policy temporarily

manage-bde -off C:
manage-bde -on  C: -used -skiphardwaretest

Repair core system files (last resort)

# Run all three; the order matters.
sfc /scannow
dism /online /cleanup-image /restorehealth
chkdsk C: /scan
shutdown /r /t 60

If you can't fix immediately

Workarounds that reduce exposure to 0x80310024 while a full repair is scheduled:

How to verify the fix worked

After applying the repair, confirm 0x80310024 stops appearing in event logs and that the failing operation completes.

# 1. Re-run the same event-log query and confirm zero matches in the last hour.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName='System';      StartTime=$since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x80310024' } | Measure-Object
Get-WinEvent -FilterHashtable @{ LogName='Application'; StartTime=$since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x80310024' } | Measure-Object

# 2. Re-run the failing application or API call and confirm it returns S_OK / 0.
# 3. Snapshot the relevant service state to prove it is running cleanly.
Get-Service | Where-Object { $_.Status -ne 'Running' -and $_.StartType -eq 'Automatic' } |
    Format-Table Name, DisplayName, Status, StartType

Frequently asked questions

What does 0x80310024 mean exactly?

It is the Microsoft-assigned HRESULT value for FVE_E_OVERLAPPED_UPDATE. The official text reads: "The control block for the encrypted volume was updated by another thread. Try again." In practical terms, the bitlocker full volume encryption layer could not complete the requested operation and returned this code to the caller.

Is 0x80310024 dangerous on its own?

No. 0x80310024 is a status value, not a security event. It signals that one specific call failed inside the BitLocker Drive Encryption (fvevol.sys). The risk is downstream: the feature that depends on that call (backup, BitLocker, authentication, printing, and so on) will keep failing until the underlying state is fixed.

Will reinstalling Windows fix 0x80310024?

Usually no. A reinstall is a sledgehammer for what is normally a configuration, permission, or driver-state problem inside the bitlocker full volume encryption stack. Run the targeted PowerShell repair above first. Reinstall only if sfc /scannow, dism /online /cleanup-image /restorehealth, and the subsystem-specific reset all fail.

Where is FVE_E_OVERLAPPED_UPDATE defined?

In the Microsoft MS-ERREF specification under the HRESULT table. Microsoft Learn publishes the complete reference at https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/. The header-file definitions ship in the Windows SDK (winerror.h, ntstatus.h).

How is 0x80310024 different from the codes either side of it?

Codes that sit next to 0x80310024 in the spec usually belong to the same subsystem but cover a different failure mode. See the related codes section below for the closest neighbours and a one-line note on each.

Related guides worth a look while you sort this one out:

References


*Assembled from the Microsoft MS-ERREF specification on 2026-05-25. Confirm against the official Microsoft Learn entry for FVE_E_OVERLAPPED_UPDATE before applying changes in production environments.*

Field notes from real Windows incidents

When I work on the 0x80310024 symptom the rhythm I lean on is the one I have built over years of these tickets, not a stack of generic advice. Windows error codes come in a handful of families; once you recognise the family, the doc page is one search away. Reliability Monitor is the single most underused triage surface in Windows — it gives 30 days of crash history without writing a query.

DISM RestoreHealth needs network or a known-good source image; the most common cause of a failed RestoreHealth is a blocked Windows Update endpoint. STOP codes look terrifying but the first DWORD almost always points directly at the responsible driver.

Tools I actually reach for

For the 0x80310024 symptom on Windows the cheapest signal I can land usually comes from Reliability Monitor (perfmon /rel), then DISM and sfc, Process Monitor (procmon) when Reliability Monitor (perfmon /rel) cannot see the layer the fault sits in, and Windows Performance Recorder for the cases where neither of those answers cleanly. That ordering is not academic. It matches the layers the failure tends to surface through, so the cheap signal lands first and the heavier tooling only comes out when the simpler answer does not hold up under scrutiny.

Verification I run before I close the ticket

Before I mark the 0x80310024 symptom resolved on a Windows unit, the verification loop below is what I actually run. Each step proves a different layer is green, and the order matters - the cheap checks gate the more expensive ones.

wevtutil epl System system.evtx  # export for offline review

If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.

DISM /Online /Cleanup-Image /RestoreHealth

If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.

sfc /scannow

If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.

err.exe 0xXXXXXXXX  # symbolic decode

If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.

Get-WinEvent -FilterHashtable @{LogName='System'; Level=1,2; StartTime=(Get-Date).AddDays(-7)}

Only when every line above runs clean do I close the ticket and update the runbook with the timestamps.

Where I check first when the docs disagree

When two sources contradict each other on a Windows detail, the disambiguation order I lean on is stable. I usually start at github.com/microsoft/Windows-Driver-Frameworks for the ground-truth view on Windows. I usually start at techcommunity.microsoft.com/category/windows for the ground-truth view on Windows. I usually start at learn.microsoft.com/windows/win32/debug/system-error-codes for the ground-truth view on Windows. I usually start at support.microsoft.com for the ground-truth view on Windows. Random blog posts and reseller wikis are signal, not ground truth, and I treat them as such until the references above either confirm or contradict the claim.

Pitfalls I have walked into on this exact path

The shortcuts that look smart on the 0x80310024 symptom have a habit of biting back. The pitfalls below are the ones I have personally walked into on a Windows unit, not things I read about. Reliability Monitor is the single most underused triage surface in Windows — it gives 30 days of crash history without writing a query. STOP codes look terrifying but the first DWORD almost always points directly at the responsible driver. Windows error codes come in a handful of families; once you recognise the family, the doc page is one search away. When in doubt I revert to the slower path that the manual prescribes - the time I save by skipping it is always smaller than the time I spend cleaning up afterwards.

What I tell the next on-call

When I hand the 0x80310024 symptom off to the next person on rotation, the three lines I leave in the runbook are these. First, the symptom signature for Windows on the Windows family - not a paraphrase, the exact string that surfaces. Second, the diagnostic that gave the highest signal in the least time. Third, the exact verification command whose green output justified closing the ticket. That trio is what turns a one-off fix into a runbook entry the next engineer can use without paging me at three in the morning.

I also add a one-line note on the cost of getting this wrong. For the 0x80310024 symptom on a Windows unit, the cost is rarely the replacement part. It is the downtime, the second site visit, and the trust deficit you spend with whoever owns the asset when the fix does not hold. That framing keeps the next on-call from choosing the cheap-looking shortcut that ends up costing the most in elapsed hours and goodwill.