You see error code 0x8004de40 when signing into OneDrive for Business while connected to your corporate VPN. This error keeps returning even after you close and reopen the app. The root cause is a network authentication conflict: your VPN connection interferes with how OneDrive validates your Microsoft 365 credentials, causing the sign-in process to fail repeatedly. This article explains why the 0x8004de40 error occurs specifically for VPN users and provides a set of targeted fixes to resolve it permanently.
Key Takeaways: Fixing OneDrive Error 0x8004de40 on VPN
- VPN split tunneling configuration: Exclude Microsoft 365 authentication endpoints from the VPN tunnel to prevent credential conflicts.
- Windows Credential Manager update: Remove and re-add your Microsoft 365 credentials to clear corrupted authentication data.
- OneDrive reset command: Run
onedrive.exe /resetto clear the cached sign-in state without deleting local files.
Why the 0x8004de40 Error Occurs with VPN Connections
Error 0x8004de40 is a sign-in authentication failure that OneDrive returns when it cannot verify your identity with Microsoft 365 servers. For VPN users, the issue has two primary causes.
Network Authentication Conflict
When you connect to a corporate VPN, all traffic is routed through the VPN tunnel. Your organization may use a proxy server or firewall that intercepts traffic to login.microsoftonline.com and other Microsoft authentication endpoints. This interception can break the OAuth 2.0 token exchange that OneDrive relies on. The result is error 0x8004de40, which reappears each time you attempt to sign in because the VPN connection remains active.
Corrupted Credential Cache
OneDrive stores your sign-in tokens in the Windows Credential Manager. If the VPN connection drops or changes during the authentication handshake, the cached token can become corrupted. The next time OneDrive tries to use that token, it fails with the same error. Because the corrupted token is stored persistently, the error keeps returning until the credential cache is cleared.
Step-by-Step Fixes for Error 0x8004de40
Apply these fixes in the order shown. Test OneDrive sign-in after each step before moving to the next.
Method 1: Configure VPN Split Tunneling for Microsoft 365 Endpoints
Work with your IT department to enable split tunneling on your VPN client. This allows traffic to Microsoft 365 authentication servers to bypass the VPN tunnel.
- Identify required Microsoft 365 endpoints
Open the Microsoft 365 URLs and IP address ranges page atdocs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges. Focus on the Id and Optimize categories for Exchange Online, SharePoint Online, and Azure Active Directory. - Add endpoints to VPN split tunnel configuration
In your VPN client settings, add these domains to the split tunnel exclusion list:login.microsoftonline.com,login.windows.net,sharepoint.comand all subdomains, andonedrive.comand all subdomains. For Cisco AnyConnect, go to the Profile Editor and add the URLs under Exclude Routes. For Palo Alto GlobalProtect, use the GlobalProtect portal to configure split tunneling. - Reconnect the VPN
Disconnect and reconnect your VPN session to apply the new routing rules. Then open OneDrive and attempt to sign in.
Method 2: Clear and Refresh Windows Credentials
- Open Credential Manager
Press the Windows key, type Credential Manager, and press Enter. Click Windows Credentials. - Remove OneDrive and Microsoft Office credentials
Scroll to the Generic Credentials section. Look for entries that start with MicrosoftOffice16_Data:ADAL: or OneDrive Cached Credential. Click the arrow to expand each entry, then click Remove and confirm. - Restart OneDrive
Right-click the OneDrive icon in the system tray and select Quit OneDrive. Press the Windows key, type OneDrive, and press Enter to relaunch the app. Sign in with your work or school account.
Method 3: Reset OneDrive Sync State
- Open a Run dialog
Press Windows key + R to open the Run dialog. - Run the reset command
Typeonedrive.exe /resetand press Enter. A Command Prompt window appears briefly. Wait 60 seconds for the process to complete. - Start OneDrive manually
Press Windows key, type OneDrive, and press Enter. The setup wizard opens. Enter your Microsoft 365 email address and password. The reset command does not delete your local files; it only clears the cached sign-in state.
Method 4: Disable IPv6 on the VPN Adapter
Some VPN configurations cause IPv6 traffic to fail during authentication. Disabling IPv6 on the VPN adapter can resolve this.
- Open Network Connections
Press Windows key, type View network connections, and press Enter. - Locate the VPN adapter
Right-click your VPN connection and select Properties. - Uncheck Internet Protocol Version 6
In the Networking tab, scroll to Internet Protocol Version 6 TCP/IPv6. Uncheck the box and click OK. - Reconnect the VPN and test OneDrive
Disconnect and reconnect the VPN. Open OneDrive and sign in.
If OneDrive Still Returns Error 0x8004de40
OneDrive shows error immediately after VPN reconnects
This happens when the VPN client changes the network adapter DNS settings. Open Windows Settings > Network & Internet > Status > Network reset. Click Reset now and restart your computer. After the restart, reconfigure your VPN connection. This clears any stale DNS cache that may interfere with Microsoft 365 authentication.
Error appears only on certain Wi-Fi networks
Some public or guest Wi-Fi networks block port 443 traffic to Microsoft 365 servers. Connect to your corporate network directly or use a mobile hotspot to test. If the error disappears, the Wi-Fi network is the cause. Contact your network administrator to unblock the required endpoints.
OneDrive prompts for credentials repeatedly after successful sign-in
This indicates that the authentication token is not being persisted correctly. Open OneDrive settings > Account > Unlink this PC. Then go to Windows Settings > Accounts > Access work or school. Click Disconnect next to your Microsoft 365 account. Restart the computer and sign in again from scratch. This forces a full token refresh.
VPN Split Tunneling vs Full Tunnel for OneDrive Sign-In
| Item | Split Tunneling | Full Tunnel |
|---|---|---|
| Description | Routes only corporate traffic through the VPN; Microsoft 365 traffic goes directly to the internet | All traffic, including Microsoft 365, goes through the VPN tunnel |
| Authentication success rate | High — no proxy interference with OAuth endpoints | Low — proxy or firewall may block token exchange |
| Security posture | Moderate — some traffic bypasses VPN inspection | High — all traffic is inspected by corporate security |
| Configuration effort | Requires IT to update VPN client profile | None — default VPN behavior |
| Recommended for | Users who frequently work with cloud services like OneDrive and Microsoft 365 | Users who need full traffic inspection for compliance |
After completing the steps above, you can sign into OneDrive without the 0x8004de40 error reappearing. If the error persists, ask your IT team to verify that the VPN split tunnel configuration includes all Microsoft 365 authentication endpoints listed in the Microsoft 365 URLs and IP address ranges documentation. An advanced tip: enable OneDrive network diagnostic logging by setting the registry key HKEY_CURRENT_USER\Software\Microsoft\OneDrive\EnableTroubleshooting to a DWORD value of 1, then check the log file at %localappdata%\Microsoft\OneDrive\logs for additional error details.