How to Fix Error Code 0x80072F8F – 0x20000

The 0x80072F8F - 0x20000 error can pop up while upgrading your system from Windows 7 to Windows 10 using the Media Creation Tool if it fails to contact the required Microsoft servers. 

This issue occurs due to the lack of the necessary Transport Layer Security (TLS) protocols in Windows 7. So, you need to enable them or use other methods to upgrade Windows to resolve the issue.

Enable Recent TLS Versions

The Media Creation Tool needs to communicate with some servers for its operation. However, some of these servers only support TLS 1.1 or TLS 1.2 which are not enabled in the Windows 7 SP1 version.

Fortunately, Microsoft has provided updates and instructions on some registry changes to enable these protocols.

1. Ensure you already have Service Pack 1 (SP1) for Windows 7 or Server 2008 R2.
2. Then, go to the Microsoft Update Catalog and search for the KB3140245 update.
3. Download the update for your Windows version and architecture (x64 or x86) but don’t install it now.
   
4. Then, you need to add some registry entries.
   • Open Run by pressing Windows + R.
   • Type regedit and press Enter to open Registry Editor.
   • Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
   • Right-click on an empty area and select New > DWORD (32-bit) Value.
     
   • Set its name as DefaultSecureProtocols
   • Double-click on it. Check Hexadecimal and set the Value data to A00 to enable TLS 1.1 and 1.2.
     
   • If you have a 64-bit system, go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp and add the same registry entry with the same value.
5. You can also run this Microsoft easyfix to automatically make these changes to Registry Editor.
6. Then, you may need to make more registry changes depending on your system. So, it’s better to do so just in case.
   • Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols in Registry Editor.
   • Right-click on Protocols. Select New > Key.
     
   • Set its name to TLS 1.1
   • Create another key with the name TLS 1.2 inside Protocols in the same way.
   • Create a key Client inside both TLS 1.1 and 1.2 by right-clicking on these subkeys.
   • Go inside TLS 1.1/Client.
   • Right-click on Client and select New > DWORD (32-bit) Value and set the name to DisabledByDefault.
     
   • Make sure its value stays 0.
   • Create other DWORD Enabled with the value 1 inside Client.
   • Now, create DisabledByDefault and Enabled enter inside TLS 1.2/Client as well and set their values to 0 and 1 respectively.
     
7. Now, install the KB3140245 update you downloaded earlier.
8. Restart your PC and try running Media Creation Tool again.

Download ISO File from Mobile Phone

Since the error stems from the Media Creation Tool failing to connect to the server due to the lack of TLS 1.1 or TLS 1.2, you can avoid this issue by using another device to download the ISO file. 

1. You can use a mobile phone to download the file if you have 6-8 GB of free space in the device. For some reason, downloading the file using a computer does not work.
2. Microsoft used to host the archived ISO file, but now you need to use other third-party websites, so make sure of its reliability first.
3. Transfer the file to your computer using a data cable or other means.
4. Then, extract the ISO file to your computer using 7-zip or WinRAR. Or mount it to a virtual CD/DVD. After that, run Setup.exe to initiate the upgrade.
   

Alternatively, you can create an ISO file on another computer with Windows 10 through Media Creation and then use it to upgrade your computer.