When you attempt to upgrade to Windows 10 from a Windows 7/8 computer using Microsoft’s Media Creation Tool, the error
0x80072F8F - 0x20000 may appear. The full error message verbatim is below:
There was a problem running this tool We're not sure what happened, but we're unable to run this tool on your PC. If you continue experiencing problems, reference the error code when contacting customer support. Error code: 0x80072F8F - 0x20000
Let’s see how to fix this error on Windows 7 and Windows 8.
Important: Information in this article (and the registry fix) is for Windows 7 SP1 and Windows 8 systems only. They don’t apply to Windows 8.1 and higher!
0x80072F8F - 0x20000 happens because the Media Creation Tool uses the TLS 1.2 Protocol, but the protocol is disabled by default on Windows 7 and Windows 8 computers. By default, only SSL3 and TLS1 are enabled in Windows 7 and Windows 8. On Windows 8.1 and Windows 10, SSL3, TLS1.0, TLS1.1, and TLS1.2 are enabled by default.
[Fix] Media Creation Tool Error 0x80072F8F – 0x20000
To resolve the Media Creation Tool Error 0x80072F8F – 0x20000 error on Windows 7 and Windows 8 computers, enable the TLS 1.1 and TLS 1.2 protocols. Follow these steps to do so:
Method 1: Enable TLS 1.1 and TLS 1.2 via the registry (Windows 7 & 8)
- Make sure your system is fully updated.
- Open Notepad.
- Copy the following lines into Notepad.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000a00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000a00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001
- Save the file with a .reg extension — e.g.,
- Double-click the
enable_tls.regfile to apply the settings into the registry. Click Yes when asked for confirmation.
- If you’re using Windows 7, download the KB3140245 package (TLS 1.1/1.2 enablement update) from Microsoft and install it. This step may not be needed for Windows 8.
- Restart Windows.
- Download registry files: If you wish to download premade registry file(s), download enable-tls.zip. Unzip and run the enclosed file
enable_tls.reg. To reverse/undo the setting to Windows 7/8 defaults, run the
(Credits to Markus for the fix.)
Method 2: Easy Fix (for Windows 7 only)
The above registry fix was created incorporating the suggestions in the Microsoft article titled Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP
The article talks about the Microsoft Update with will enable TLS 1.1 and TLS 1.2 support via KB3140245 package. Here are the instructions:
- Download the KB3140245 package. Don’t run it yet.
- Download the “Easy Fix” executable via the above link (direct download) and run it. The fix will create the
DefaultSecureProtocolsregistry value which is a prerequisite for the Microsoft update.
- Now run the KB3140245 .msi package you downloaded in Step 1.
This automatically enables TLS 1.1 and TLS 1.2 on the computer.
Re-run the Media Creation Tool now. It should work now!
Note that the Easy Fix sets the “
DefaultSecureProtocols” registry value only; it doesn’t write to the
SCHANNEL registry location. But the manual registry fix in “Method 1” above does both! So, if you’ve explicitly disabled the TLS 1.1 and TLS 1.2 protocols via the
SCHANNEL registry modification (e.g., by using the nisudf.reg registry fix to resolve a game/server connectivity issue), then the “Easy Fix” tool won’t help. You need to use “Method 1” in that case.