Media Creation Tool Error 0x80072F8F – 0x20000 in Windows 7/8

When you attempt to upgrade to Windows 10 from a Windows 7/8 computer using Microsoft’s Media Creation Tool, the error 0x80072F8F - 0x20000 may appear. The full error message verbatim is below:

There was a problem running this tool

We're not sure what happened, but we're unable to run this tool on your PC. If you continue experiencing problems, reference the error code when contacting customer support. Error code: 0x80072F8F - 0x20000

Let’s see how to fix this error on Windows 7 and Windows 8.

Important: Information in this article (and the registry fix) is for Windows 7 SP1 and Windows 8 systems only. They don’t apply to Windows 8.1 and higher!

Cause

The error 0x80072F8F - 0x20000 happens because the Media Creation Tool uses the TLS 1.2 Protocol, but the protocol is disabled by default on Windows 7 and Windows 8 computers. By default, only SSL3 and TLS1 are enabled in Windows 7 and Windows 8. On Windows 8.1 and Windows 10, SSL3, TLS1.0, TLS1.1, and TLS1.2 are enabled by default.

[Fix] Media Creation Tool Error 0x80072F8F – 0x20000

To resolve the Media Creation Tool Error 0x80072F8F – 0x20000 error on Windows 7 and Windows 8 computers, enable the TLS 1.1 and TLS 1.2 protocols. Follow these steps to do so:

Method 1: Enable TLS 1.1 and TLS 1.2 via the registry (Windows 7 & 8)

1. Make sure your system is fully updated.
2. Open Notepad.
3. Copy the following lines into Notepad.

   Windows Registry Editor Version 5.00
   
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
   "DefaultSecureProtocols"=dword:00000a00
   
   [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
   "DefaultSecureProtocols"=dword:00000a00
   
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
   "DisabledByDefault"=dword:00000000
   "Enabled"=dword:00000001
   
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
   "DisabledByDefault"=dword:00000000
   "Enabled"=dword:00000001

4. Save the file with a .reg extension — e.g., enable_tls.reg
5. Double-click the enable_tls.reg file to apply the settings into the registry. Click Yes when asked for confirmation.
6. If you’re using Windows 7, download the KB3140245 package (TLS 1.1/1.2 enablement update) from Microsoft and install it. This step may not be needed for Windows 8.
7. Restart Windows.

• Download registry files: If you wish to download premade registry file(s), download enable-tls.zip. Unzip and run the enclosed file enable_tls.reg. To reverse/undo the setting to Windows 7/8 defaults, run the undo.reg registry file.

(Credits to Markus for the fix.)

---

Method 2: Easy Fix (for Windows 7 only)

The above registry fix was created incorporating the suggestions in the Microsoft article titled Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP

The article talks about the Microsoft Update with will enable TLS 1.1 and TLS 1.2 support via KB3140245 package. Here are the instructions:

1. Download the KB3140245 package. Don’t run it yet.
2. Download the “Easy Fix” executable via the above link (direct download) and run it. The fix will create the DefaultSecureProtocols registry value which is a prerequisite for the Microsoft update.
3. Now run the KB3140245 .msi package you downloaded in Step 1.

This automatically enables TLS 1.1 and TLS 1.2 on the computer.

Re-run the Media Creation Tool now. It should work now!

Editor’s note

Note that the Easy Fix sets the “DefaultSecureProtocols” registry value only; it doesn’t write to the SCHANNEL registry location. But the manual registry fix in “Method 1” above does both! So, if you’ve explicitly disabled the TLS 1.1 and TLS 1.2 protocols via the SCHANNEL registry modification (e.g., by using the nisudf.reg registry fix to resolve a game/server connectivity issue), then the “Easy Fix” tool won’t help. You need to use “Method 1” in that case.