Windows update error 80072F8F

The code 80072F8F it is a generic error thrown by Windows Update (WU). This indicates that there is something wrong with the SSL connection (Secure Sockets Layer) between WU and Microsoft server. When one or more errors are found in the SSL certificate used by the server, the user will be presented with the error 80072F8F .

The error message 80072F8F it will usually be found in the error log after Windows fails to perform an update. The error is not unique to a certain version of Windows and is usually associated with the following error message:

The date and time on your computer appear to be out of date with an update certificate.

There are four main causes that lead to 80072F8F:

• Incorrect time and date – If the time and date on your computer do not match those on the Microsoft Update server, the secure SSL connection will be canceled. All SSL connections require a valid date and time before determining that a connection is secure.
• Root certificate update is missing – If the SSL certificate used to connect to the Microsoft server is not trusted, the connection will fail. If the wrong time and date are not the cause of the problem, a trusted authority certificate is likely missing.
• Third-party firewall blocking SSL connection – Although WU is comfortable working through the Windows firewall, the same cannot be said for external firewalls. Some firewalls will save security settings that will trick Windows Update into determining that the SSL connection is not secure.

• Invalid proxy settings: there is a large amount of hijacking malware capable of altering connection settings. This will end up raising red flags when the SSL connection is established for the Microsoft server to terminate.

If the error code is displayed 80072F8F When trying to download a Windows update, there are several different solutions you can try. Here is a collection of solutions that have helped many Windows users to fix the error. 80072F8F . Follow each method in order until you find the steps that work for your situation.. Let us begin!

Method 1: set the correct date and time

Every time it is necessary to establish an SSL connection, Windows server starts validating PC time and date. This happens when activating Windows and every Windows update.

If the time is even remotely different from the server time and date (+ – 5 minutes), the server may throw the error 80072F8F and terminate the SSL connection. If your date and time are disabled, here is a quick guide to sync them with Microsoft server. The following guide will work with Windows 7, Windows 8.1 and Windows 10:

1. Press the Windows key + R to open a run window and type timedate.cpl. Press Enter to open the date and time settings.

   

2. Select the Date and Time tab and click Change Date and Time. Then, set the correct date and make sure the clock is just as accurate. Press Ok to save your selection.

   

3. When you return to the Date and Time window, click Change time zone. Make sure to select the appropriate UTC for your area using the drop down menu. Later, check the box next to Automatically adjust clock for daylight saving time and hit OK.

   

4. Return to the Date and Time window, but this time go to the Internet Time tab and click the Change Settings button.

   

5. Start by checking the box next to Synchronize with an internet time server. Later, use the drop down menu below to configure the server time.windows.com. Click Update Now and wait for the internet time settings to update. Finally, press Ok to save and close the window.

   Note: If you see a message like “The clock was successfully synced with tyme.windows.com”, the date and time settings are correct and should not prevent the SSL connection from occurring.

   

6. Reboot your system and try updating your computer again via WU. If it fails again with the error 80072F8F , and Method 2.

Method 2: check for invalid proxy settings

Invalid proxy settings could also be the cause of the error 80072F8F , since the MS protocol is very demanding regarding how a secure connection should be. If you are using a proxy server, disable it, restart your computer and try updating again. If the update is applied successfully, you will need to find another proxy server or VPN provider if you want to get future Windows updates while browsing anonymously.

But even if you are sure you don't use any proxy settings, I urge you to check it out, as there is a large amount of malware capable of redirecting your traffic through a proxy server. Here is a quick guide on how to disable proxy settings in Windows:

1. Press Windows + R to open a run window and type »inetcpl.cpl«. Press Enter to open the Internet Properties window.

   

2. Click on the Connections tab and then click on LAN Settings.

   

3. If the box under Proxy server is checked, uncheck it and press OK. Later, click Apply on the Internet Properties menu.

   

4. Reboot your system and try applying the window update again. If it fails, continue with the instructions below.

Method 3: install root certificate update

Often, Microsoft servers do not trust the SLL certificate used by WU due to lack of a certificate authority (THAT) root. Most versions of Windows use an automatic update mechanism that will download the trusted lists of certificates (CTL) as long as a new one is available. However, you can manually download and install third-party root certificates that are distributed through the Windows Root Certificate Program.

Here is a quick guide to install the root certificate update. It should work on all versions of Windows:

1. Visit this link in the Microsoft Update Catalog (here), search for »root certificate update«. Later, make sure you download the appropriate package for your version of Windows.

   Note: You may be prompted to open this link with IE for the download to begin.

2. Open the executable file you just downloaded and click Yes to provide the proper permissions when the User Account Control window appears.

3. Restart the device and try the Windows update again. If it fails with the same error code, continue with next method.

Method 4: disable third-party firewall

It is never a good idea to use two firewalls on the same computer (Firewall de Windows + third party firewall). This will create confusion whenever it is necessary to establish an SSL connection between your computer and a Microsoft server., which can end up causing the error. 80072F8F .

If you are using a third party firewall like Zone Alarm, turn it off, restart your computer and see if the update fails with the same error code. If the update is installing successfully, the problem must be your additional firewall or a software conflict, since WU has no problem working with Windows firewall.

In case you want to continue using your third party firewall and eliminate the error 80072F8F , you can try one of two things:

• Disable Windows Firewall and remove the conflict: if you want to use a third party firewall, it is important to disable the built-in firewall solution. To do this, press windows + R and type firewall.cpl in the Run window. Later, click Turn Windows Defender Firewall on or off and disable it for both Public Network Settings and Private Network Settings.

  

• If disabling Windows Firewall still does not allow WU updates to pass through the third-party firewall, you have no choice but to seek the support of the developers of that respective software. Some firewalls have security options that interfere with the SSL connection.