OneDrive for Business 0x8004de40 sign-in error troubleshooting for device replacement: keeps returning
🔍 WiseChecker

OneDrive for Business 0x8004de40 sign-in error troubleshooting for device replacement: keeps returning

by

You replaced your Windows device and now OneDrive for Business refuses to sign in, showing error code 0x8004de40. This error persists even after you re-enter your password or reinstall OneDrive. The root cause is a stale or conflicting authentication token cached from your old device that the Microsoft identity platform rejects. This article explains why the error returns after standard fixes and provides three targeted methods to clear the cached credentials and force a fresh sign-in.

Key Takeaways: Clearing the 0x8004de40 Sign-In Loop

  • Windows Credential Manager > Windows Credentials > MicrosoftOffice16_Data:ADAL: Deleting this entry removes the cached authentication token that causes error 0x8004de40 on a replacement device.
  • OneDrive Settings > Account > Unlink this PC: Unlinking from the old device forces the sign-in wizard to request a fresh token instead of reusing a rejected one.
  • Run command: dsregcmd /leave then dsregcmd /join: Rejoining the device to Azure AD resets the device identity that Microsoft 365 uses to validate the sign-in.

ADVERTISEMENT

Why Error 0x8004de40 Persists After a Device Replacement

Error 0x8004de40 is a sign-in failure code that indicates OneDrive cannot authenticate your account because the authentication token presented by the client does not match what the Microsoft identity platform expects. On a replacement device, this mismatch occurs for three specific reasons.

First, the Windows Credential Manager stores a token from the previous device under the entry MicrosoftOffice16_Data:ADAL:<your-tenant-id>. When you sign in on the new device, OneDrive sends this old token. The Microsoft identity platform detects that the token was issued to a different device and rejects it with error 0x8004de40.

Second, the new device may not be properly joined to Azure Active Directory. If the device identity is missing or corrupted, the sign-in flow cannot complete the device-authentication step required by many Microsoft 365 tenants.

Third, a leftover registry key from a previous OneDrive installation can hold a stale device ID. OneDrive reads this registry key during startup and attempts to reuse the old device binding, which triggers the same rejection.

Standard fixes like reinstalling OneDrive or clearing the browser cache do not remove these three artifacts. That is why the error keeps returning. The steps below target each artifact directly.

Steps to Clear Stale Credentials and Fix the Sign-In Error

Perform these steps in order. Do not skip any step. After each method, test the sign-in by opening OneDrive and entering your work or school account credentials.

Method 1: Delete the Stale Token from Windows Credential Manager

  1. Open Credential Manager
    Press Windows Key + R, type control /name Microsoft.CredentialManager, and press Enter.
  2. Switch to Windows Credentials
    Click Windows Credentials in the top navigation bar.
  3. Locate the OneDrive token
    Scroll down to the Generic Credentials section. Look for an entry named MicrosoftOffice16_Data:ADAL:<your-tenant-id>. The tenant ID is a long string of letters and numbers.
  4. Expand and remove the entry
    Click the arrow to expand the entry, then click Remove. Confirm the deletion when prompted.
  5. Delete any duplicate entries
    If you see multiple entries with similar names, remove all of them. Also remove any entry that contains ADAL or OneDrive.
  6. Restart OneDrive
    Right-click the OneDrive icon in the notification area and select Close OneDrive. Open OneDrive from the Start menu. You should now see the full sign-in screen instead of the error.

Method 2: Unlink OneDrive and Re-authenticate

  1. Open OneDrive settings
    Right-click the OneDrive icon in the notification area and select Settings.
  2. Go to the Account tab
    Click the Account tab in the OneDrive settings window.
  3. Unlink this PC
    Click Unlink this PC. Confirm the action when the warning dialog appears.
  4. Close OneDrive completely
    Right-click the OneDrive icon again and select Close OneDrive.
  5. Clear the OneDrive registry key
    Press Windows Key + R, type regedit, and press Enter. Navigate to HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1. Right-click the Business1 key and select Delete. Close Registry Editor.
  6. Restart and sign in
    Open OneDrive from the Start menu. Enter your work or school email address and password. Complete the multi-factor authentication challenge if your tenant requires it.

Method 3: Rejoin the Device to Azure AD

  1. Open Command Prompt as administrator
    Press Windows Key + X and select Windows Terminal (Admin) or Command Prompt (Admin).
  2. Leave the current Azure AD join
    Type the following command and press Enter:
    dsregcmd /leave
    Wait for the message Leaving the join completed successfully.
  3. Restart the device
    Close all windows and restart Windows.
  4. Join the device to Azure AD again
    Open Command Prompt as administrator again. Type the following command and press Enter:
    dsregcmd /join
    Wait for the message Join completed successfully.
  5. Verify the device status
    Type dsregcmd /status and press Enter. Confirm that AzureAdJoined shows YES and DomainJoined shows the correct domain.
  6. Open OneDrive and sign in
    Launch OneDrive. The sign-in flow should now complete without error 0x8004de40.

ADVERTISEMENT

If OneDrive Still Shows Error 0x8004de40 After These Steps

OneDrive sign-in still fails after deleting credentials and unlinking

The registry key may not have been fully removed. Open Registry Editor and navigate to HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts. Delete the entire Accounts key. This removes all cached account data including device bindings. Then restart OneDrive and sign in again.

Error appears immediately after signing in on a new device that was never used before

This usually means the device is not Azure AD joined. Open Settings > Accounts > Access work or school. If your tenant domain is not listed under Connected to <tenant> Azure AD, click Connect and follow the join wizard. After joining, repeat Method 3 steps 4 through 6.

Error returns after a Windows update or feature update

A Windows feature update can reset the device registration. Run dsregcmd /status in an elevated Command Prompt. If AzureAdJoined shows NO, repeat Method 3 completely. Then delete the credential entry from Credential Manager again as described in Method 1.

Manual Credential Deletion vs Unlink This PC: What Works Better for Device Replacement

Item Manual Credential Deletion (Method 1) Unlink This PC (Method 2)
What it removes Stale authentication token from Credential Manager Device binding from OneDrive settings and registry
Requires admin rights No No
Effect on local files None Stops sync but keeps local copies
Best used when Token is the only problem and device is already Azure AD joined Old device binding persists and credential deletion alone did not work

Use Method 1 first because it is faster and does not interrupt sync. If the error returns after a reboot, proceed with Method 2. Use Method 3 only when the other methods fail or when the device was never properly joined to Azure AD.

You can now resolve the 0x8004de40 sign-in error on a replacement device by deleting the stale token from Credential Manager, unlinking OneDrive, or rejoining the device to Azure AD. Start with the Credential Manager fix because it takes less than two minutes. If the error reappears after a future Windows update, run the dsregcmd /status command first to check the device join state before repeating the credential deletion.

ADVERTISEMENT

← Back to WiseChecker HomeMore in OneDrive

🔍 Recommended for You