Help desk teams frequently encounter the OneDrive for Business sign-in error 0x8004de40, which repeatedly blocks user authentication even after re-entering credentials. This error typically occurs when the Microsoft 365 authentication token cache becomes corrupted, when the Windows Credential Manager stores outdated credentials, or when network proxy settings interfere with the sign-in flow. This article explains the root causes of the 0x8004de40 error, provides a systematic fix that removes stale tokens and resets the sync client, and covers related failure patterns that help desk staff should know.
Key Takeaways: OneDrive 0x8004de40 Sign-In Error Fix
- Windows Credential Manager > Windows Credentials > Generic Credentials: Remove all entries containing “MicrosoftOffice16” and “OneDrive Cached Credential” to clear corrupted tokens.
- OneDrive Settings > Account > Unlink this PC: Disconnects the current device from the user’s Microsoft 365 tenant, forcing a fresh token request on next sign-in.
- Command Prompt (Admin) > netsh winhttp reset proxy: Resets the WinHTTP proxy configuration, which resolves sign-in failures caused by misconfigured or stale proxy settings.
Why Error 0x8004de40 Keeps Returning After Repeated Sign-In Attempts
Error 0x8004de40 is a client-side authentication failure that occurs when the OneDrive sync app cannot validate the user’s identity with the Microsoft 365 authentication service. The error code maps to a general access denied or credential rejection response from the Azure Active Directory authentication endpoint. The most common root cause is a corrupted or expired OAuth token stored in the Windows Credential Manager. When the token cache contains stale entries, the sync client reuses the invalid token instead of requesting a new one from the identity platform.
A second frequent cause is a mismatch between the proxy configuration that Windows uses for web requests and the proxy settings that OneDrive expects. If a help desk has configured a corporate proxy or VPN that changes the authentication endpoint, the token request may be redirected or blocked, triggering the 0x8004de40 error. The error persists because the token cache is not flushed when the proxy changes, so the client repeatedly submits the old token to the wrong endpoint.
A third cause involves the Windows Credential Manager storing credentials from a previous Microsoft 365 tenant or a personal Microsoft account. If a user has signed in to OneDrive with a different account on the same device, the credential manager may hold conflicting entries. The sync client picks the wrong credential and fails authentication, and the error reappears each time the user attempts to sign in.
Systematic Steps to Clear Corrupted Credentials and Reset OneDrive Sync
- Close OneDrive completely
Right-click the OneDrive cloud icon in the system tray and select Exit. Verify that no OneDrive process runs in Task Manager under the Processes tab. If the process remains, end it manually.
- Open Windows Credential Manager
Press the Windows key, type Credential Manager, and open the app. Select Windows Credentials from the top menu bar. Scroll to the Generic Credentials section.
- Remove all Microsoft Office and OneDrive credential entries
Look for entries with names containing MicrosoftOffice16, OneDrive Cached Credential, or Microsoft AAD. Click the arrow next to each entry, then select Remove. Confirm the removal. Remove every entry that relates to Office or OneDrive. Do not skip entries that appear to be duplicates.
- Reset the WinHTTP proxy configuration
Open Command Prompt as Administrator. Type netsh winhttp reset proxy and press Enter. This command clears any manually configured proxy that may interfere with authentication. Close the Command Prompt window.
- Restart the device
Reboot the computer to ensure all credential changes take effect and that Windows clears any cached network sessions.
- Launch OneDrive and sign in again
Open OneDrive from the Start menu or desktop shortcut. Enter the user’s Microsoft 365 work or school account credentials. When prompted, complete the multi-factor authentication if required. The error 0x8004de40 should not appear after a clean token request.
- Verify that sync starts normally
After sign-in, confirm that the OneDrive icon shows a solid cloud or a syncing animation. Open File Explorer and check that the OneDrive folder populates with files from the user’s tenant. If the error returns, proceed to the advanced steps below.
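The credential and proxy steps above can be scripted for repeat tickets. The following PowerShell is an added example, not part of the original article; it assumes English-language cmdkey output and passes each target to cmdkey /delete exactly as cmdkey /list prints it. The function name Get-StaleCredentialTarget and the -Apply switch are illustrative.

```powershell
# Added example (not from the original article). Dry run unless -Apply is given.
# Run as the affected user: cmdkey only sees the vault of the account running it.
param([switch]$Apply)

# Name fragments from the "Remove all Microsoft Office and OneDrive credential entries" step.
$patterns = 'MicrosoftOffice16', 'OneDrive Cached Credential', 'Microsoft AAD'

function Get-StaleCredentialTarget {
    param([string[]]$CmdkeyOutput, [string[]]$Patterns)
    foreach ($line in $CmdkeyOutput) {
        # Assumes English output, where each entry starts with "Target: <name>".
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $target = $Matches[1]
            if ($Patterns | Where-Object { $target -like "*$_*" }) { $target }
        }
    }
}

if ($Apply) {
    # Stop the sync client first so it cannot rewrite the entries.
    Get-Process -Name OneDrive -ErrorAction SilentlyContinue | Stop-Process -Force
}

$targets = @(Get-StaleCredentialTarget -CmdkeyOutput (cmdkey /list) -Patterns $patterns)
foreach ($t in $targets) {
    if ($Apply) {
        cmdkey "/delete:$t" | Out-Null
        Write-Output "Removed: $t"
    } else {
        Write-Output "Would remove: $t"
    }
}
Write-Output "Matching entries: $($targets.Count)"

# The proxy reset needs elevation; warn instead of failing when not elevated.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if ($Apply -and $isAdmin) {
    netsh winhttp reset proxy
} elseif ($Apply) {
    Write-Warning 'Not elevated: run "netsh winhttp reset proxy" from an admin prompt.'
}
```

Run it once without -Apply and review the "Would remove" list before deleting anything. If the help desk technician elevates with a separate admin account, the credential part must still run in the user's own session.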
Advanced Fix: Reset OneDrive Sync Client via Command Line
If the error persists after clearing credentials, reset the OneDrive sync client using the built-in reset command. This action removes all cached data and forces the client to reinitialize its local database.
- Open a Run dialog
Press Windows key + R, type %localappdata%\Microsoft\OneDrive\onedrive.exe /reset, and press Enter. A Command Prompt window opens briefly and closes automatically.
- Wait for the reset to finish
Do not interact with OneDrive for about 30 seconds. The reset process deletes the local sync database and resets the app to its initial state.
- Re-launch OneDrive
Press Windows key + R again, type %localappdata%\Microsoft\OneDrive\onedrive.exe, and press Enter. The sign-in window appears. Enter the user’s credentials and complete the sign-in flow.
If OneDrive Still Shows Error 0x8004de40 After the Main Fix
OneDrive 0x8004de40 error appears after a tenant migration
When a user moves from one Microsoft 365 tenant to another, the local credential cache retains tokens from the old tenant. The sync client attempts to authenticate against the new tenant with old tokens. Remove all credentials from Windows Credential Manager as described above, then run the OneDrive reset command. After the reset, sign in with the new tenant credentials. Verify that the user’s OneDrive for Business site URL matches the new tenant.
Error returns after every Windows update
Some Windows updates reset the WinHTTP proxy settings or change the network category from private to public. When the network profile changes, OneDrive may block authentication. Run the netsh winhttp reset proxy command again and set the network profile to private in Windows Settings > Network & Internet > Wi-Fi > Properties. Then restart OneDrive.
Error appears only on domain-joined devices with forced proxy
If the organization uses Group Policy to enforce a specific proxy server, the netsh reset command may not be sufficient. Check the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings for the values ProxyServer and ProxyEnable. If these values are set by Group Policy, contact the network team to add login.microsoftonline.com and sharepoint.com to the proxy bypass list.
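A read-only check of the registry values named above, shown next to the WinHTTP setting, as an added PowerShell example that is not part of the original article. It also reads ProxyOverride, the value in the same key where Windows stores the per-user bypass list; that value is not named in the article, and Get-MissingBypass is an illustrative helper name.

```powershell
# Added example (not from the original article): read-only proxy check.
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$required = 'login.microsoftonline.com', 'sharepoint.com'   # hosts named in the article

function Get-MissingBypass {
    param([string]$ProxyOverride, [string[]]$Required)
    # ProxyOverride is a semicolon-separated list; entries may carry wildcards.
    $entries = @($ProxyOverride -split ';' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($domain in $Required) {
        if (-not ($entries | Where-Object { $_ -like "*$domain*" })) { $domain }
    }
}

$s = Get-ItemProperty -Path $key
$missing = @(Get-MissingBypass -ProxyOverride ([string]$s.ProxyOverride) -Required $required)

# Per-user (WinINET) proxy values from the key the article points to.
[pscustomobject]@{
    ProxyEnable   = $s.ProxyEnable
    ProxyServer   = $s.ProxyServer
    ProxyOverride = $s.ProxyOverride
    MissingBypass = $missing -join ', '
}

# WinHTTP keeps its own proxy setting, separate from the per-user values above.
netsh winhttp show proxy

if ($s.ProxyEnable -eq 1 -and $missing.Count -gt 0) {
    Write-Warning "Proxy is enabled and the bypass list lacks: $($missing -join ', ')"
}
```

Attach the output to the ticket when escalating to the network team so they can see which bypass entries are absent on the affected device.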
OneDrive Credential Reset vs OneDrive Full Reset: Key Differences
| Item | Credential Manager Reset | OneDrive /reset Command |
|---|---|---|
| Scope | Removes stored OAuth tokens and cached passwords from Windows | Deletes the local sync database, settings, and cached file metadata |
| Effect on local files | No files are deleted; sync state is lost until next sign-in | No files are deleted; all files remain in the local OneDrive folder |
| Effect on sync settings | Settings such as selective sync and backup preferences remain | All custom sync settings are reset to defaults |
| When to use first | Always run this step first for authentication errors | Use only if credential reset does not resolve the error |
| Time to complete | Less than 2 minutes | Approximately 5 minutes including re-sign-in |
Help desk teams should always clear Windows Credential Manager entries before running the OneDrive reset command. The credential reset is faster, preserves user settings, and resolves the 0x8004de40 error in most cases. Reserve the full reset for persistent errors that survive a credential wipe.
After completing the fix, instruct the user to check that OneDrive syncs files correctly and that the cloud icon shows a solid cloud. If the error reappears within one week, inspect the device for third-party security software that may block the login.microsoftonline.com endpoint. Add the endpoint to the software’s allow list to prevent future authentication failures.