Fix: Windows Update Error 80072F8F

The code 80072F8F is a generic error thrown by Windows Update (WU). It indicates that there’s something wrong with the SSL (Secure Sockets Layer) connection between WU and the Microsoft Server. When one or more errors are found in the SSL certificate used by the server, the user will be presented with the 80072F8F error.

The error message 80072F8F will typically be encountered in the error log after Windows fails to perform an update. The error is not exclusive to a certain Windows version and is usually associated with the following error message :

Your computer’s date and time appear to be out of sync with an update certificate.

There are four main causes that will lead to the 80072F8F:

• Incorrect Time and Date – If the time and date on your computer do not match the ones on the Microsoft Update server, the secure SSL connection will be terminated. All SSL connections require a valid date and time before determining that a connection is secure.
• Missing Root Certificate Update – If the SSL certificate used to connect to the Microsoft server is not trusted, the connection will fail. If incorrect time and date are not to blame for the issue, you’are likely missing a trusted authority certificate.
• 3rd-party Firewall Blocking SSL Connection – While WU is comfortable working through Windows Firewall, not the same can be said with external firewalls. Some firewalls will save security settings that will make trick Windows Update into determining that SSL connection is not secure.
• Invalid Proxy Settings – There is a lot of hijacking malware capable of altering the Connection settings. This will end up raising red flags when the SSL connection is establishing so the Microsoft server will terminate it.

If you are shown the 80072F8F error code when trying to download a Windows update, there are several different fixes that you can try. Below you have a collection of solutions that have helped a lot of Windows users to deal with the 80072F8F error. Please follow each method in order until you find the steps that work for your situation. Let’s begin!

Method 1: Setting the Correct Time and Date

Whenever an SSL connection needs to be established, the Windows server starts by validating the PC’s time and date. This happens when activating Windows and every Windows update.

If the time is even remotely different from the server’s time and date (+- 5 minutes), the server can throw the error 80072F8F and terminate the SSL connection. If your date and time are off, here’s a quick guide on how to sync them with the ones on the Microsoft server. The following guide will work with Windows 7, Windows 8.1 and Windows 10:

1. Press Windows key + R to open a run window and type timedate.cpl. Hit Enter to open Date and Time settings.
   
2. Select the Date and time tab and click on Change date and time. Then, set the correct date and make sure the clock is just as accurate. Hit Ok to save your selection.
   
3. Once you return to the Date and Time window, click on Change time zone. Make sure you select the appropriate UTC for your area using the drop-down menu. Then, check the box next to Automatically adjust clock for Daylight Saving time and hit Ok.
   
4. Return to the Date and Time window, but this time go to the Internet Time tab and click the Change settings button.
   
5. Start by checking the box next to Synchronize with an Internet time server. Then, use the drop-down menu below to set the server time.windows.com. Hit Update now and wait for the Internet Time Settings to be updated. Finally, hit Ok to save and close the window.
   Note: If you see a message like “ The clock was successfully synchronized with tyme.windows.com“, your time and date settings are correct and should not prevent the SSL connection from happening.
   
6. Reboot your system and try to update your computer again via WU. If it fails again with the 80072F8F error, move to Method 2. 

Method 2: Checking for Invalid Proxy Settings

Invalid Proxy Settings could also be a cause for the 80072F8F error, as the MS protocol is very picky about how a secure connection should look like. If you’re using a proxy server disable it, restart your computer and attempt to update again. If the update applies successfully, you’ll need to look for another proxy server or VPN provider if you want to get future Windows updates while surfing anonymously.

But even if you’re certain that you don’t use any proxy settings, I urge you to double-check, as there is a lot of malware capable of redirecting your traffic through a proxy server. Here’s a quick guide on how to disable proxy settings on Windows:

1. Press Windows + R to open a Run window and type “inetcpl.cpl“. Hit Enter to open the Internet Properties window.
   
2. Click the Connections tab and then click on LAN settings.
   
3. If the box under Proxy server is checked, disable it and hit Ok. Then, click Apply in the Internet Properties menu.
   
4. Reboot your system and attempt to apply the Window Update again. If it fails, continue with the instructions below.

Method 3: Installing the Root Certificate Update

Often times, the SLL certificate used by WU is not trusted by Microsoft’s servers due to a missing root Certification Authority (CA). Most Windows versions use an automatic update mechanism that will download certificate trust lists (CTLs) whenever a new one is available. However, you can manually download and install third-party root certificates that are distributed via Windows Root Certificate Program.

Here’s a quick guide to installing root the certificate update. It should work in every Windows version:

1. Visit this Microsoft Update Catalog link (here), search for “root certificate update“. Then, make sure to download the package appropriate to your Windows version.
   Note: You might be required to open this link with IE in order for the download to start.
2. Open the executable file you’ve just downloaded and click Yes to provide the appropriate permissions when the User Account Control window pops up.
3. Restart your device and attempt to perform the Windows update again. If it fails with the same error code, move to the next method.

Method 4: Disabling the 3rd party Firewall

It’s never a good idea to use two firewalls on the same computer (Windows Firewall + 3rd party firewall). This will create confusion whenever an SSL connection needs to be established between your computer and a Microsoft server, which can end up leading to the 80072F8F error.

If you are using a 3rd party firewall like Zone Alarm, turn it off, restart your computer and see if the update is failing with the same error code. If the update is installing successfully, the issue has to be your additional firewall or a software conflict, since WU has no problem working under Windows Firewall.

In the event that you want to keep using your 3rd party firewall and remove the 80072F8F error, you can try one of two things:

• Disable Windows Firewall and eliminate the conflict – If you’re keen on using a 3rd party firewall, it’s important to disable the built-in firewall solution. To do this, press Windows + R and type firewall.cpl in the Run window. Then, click on Turn Windows Defender Firewall on or off and disable it for both Public network settings and Private network settings.
  
• If disabling Windows Firewall still doesn’t allow WU updates to get through your 3rd party firewall, you have little choice but to seek support from the developers of that respective software. Some firewalls have security options that will interfere with the SSL connection.