OneDrive Admin Checklist: 0x8004de40 sign-in error appears after password reset for managed devices

After a user resets their Microsoft 365 password, OneDrive may show error code 0x8004de40 when the user tries to sign in on a managed device. The error message typically says “Something went wrong” or “We couldn’t connect to OneDrive.” This happens because cached credentials on the device no longer match the new password. The error also occurs if the device still holds an old authentication token that the server has revoked. This article provides an admin checklist to resolve the error on managed Windows 10 and Windows 11 devices without requiring a full device reimage.

Key Takeaways: Resolving 0x8004de40 After Password Reset

  • Clear cached credentials in Credential Manager: Removes the old password token that OneDrive and Windows still use after a password reset.
  • Sign out and sign back into OneDrive: Forces a fresh authentication handshake with the new password and a new token from Microsoft Entra ID.
  • Restart the Microsoft Account Sign-in Assistant service: Resets the service that brokers the sign-in process between OneDrive and the identity provider.


Why the 0x8004de40 Error Occurs After a Password Reset

When a user changes their Microsoft 365 password, the old authentication token stored on the device becomes invalid. OneDrive uses cached credentials from the Windows Credential Manager to authenticate silently. If the cached credentials still hold the old password, the authentication request fails and returns error 0x8004de40.

On managed devices, Group Policy or Intune may enforce a persistent sign-in session. This session does not automatically refresh when the password changes. The Microsoft Account Sign-in Assistant service, which manages the token cache, also does not detect the password change on its own. The result is a failed connection that shows the error message on the OneDrive icon in the system tray.

The error is not a OneDrive bug. It is a predictable outcome of the credential caching behavior in Windows. Admins can fix it by clearing the stale credentials and forcing a new authentication flow.

Admin Checklist: Steps to Fix 0x8004de40 on Managed Devices

Perform these steps on the affected device. Run the commands in an elevated PowerShell or Command Prompt session where possible.

  1. Clear cached OneDrive credentials from Credential Manager
    Open Control Panel > User Accounts > Credential Manager. Click Windows Credentials. Look for entries that start with MicrosoftOffice16_Data:ADAL: or OneDrive Cached Credential. Click the arrow to expand each entry, then click Remove. Confirm the deletion. Repeat for all entries that reference the user’s email address or Microsoft 365 tenant.
  2. Sign out of OneDrive
    Right-click the OneDrive cloud icon in the system tray. Select Help & Settings > Settings. On the Account tab, click Unlink this PC. In the confirmation dialog, click Unlink account. This disconnects OneDrive from the device.
  3. Restart the Microsoft Account Sign-in Assistant service
    Open the Services console by running services.msc. Locate the service named Microsoft Account Sign-in Assistant. Right-click it and select Restart. If the service is not running, start it. Set its startup type to Automatic if it is set to Manual.
  4. Clear the Windows token cache
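    Open an elevated PowerShell window. Run the command Get-ChildItem -Path "$env:LOCALAPPDATA\Microsoft\TokenBroker" -Recurse | Remove-Item -Recurse -Force. This deletes cached broker tokens that may still reference the old password. Note that $env:LOCALAPPDATA resolves to the profile of the account that owns the PowerShell session, so if you elevated with a separate admin account, point -Path at the affected user's AppData\Local folder instead. Close PowerShell.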
  5. Sign back into OneDrive
    Open OneDrive from the Start menu or by running %localappdata%\Microsoft\OneDrive\OneDrive.exe. Enter the user’s email address and new password. Complete the authentication flow. If multi-factor authentication is enabled, the user must complete the MFA prompt.
  6. Verify the sync status
    Right-click the OneDrive cloud icon in the system tray. The icon should show a solid blue cloud or a green check mark. Open OneDrive in File Explorer and confirm that files sync correctly. No error code should appear.

When the Error Persists After the Steps Above

If the error returns after the user signs in, the device may have a corrupted OneDrive cache or a stale ADAL token. Run the following steps in order:

  1. Reset OneDrive
    Press Windows key + R, type %localappdata%\Microsoft\OneDrive\OneDrive.exe /reset, and press Enter. Wait 30 seconds. Press Windows key + R again, type the same path without the /reset switch, and press Enter to restart OneDrive.
  2. Clear the browser cache
    If the user signs in through a web browser, clear all cached data for login.microsoftonline.com and onedrive.live.com. Go to browser settings > Privacy and security > Clear browsing data. Select cookies and cached files for the last four weeks. Clear the data.
  3. Run the Microsoft SaRA tool
    Download the Microsoft Support and Recovery Assistant from https://aka.ms/SaRA. Run the tool and select Office > I’m having trouble signing in. Follow the prompts to diagnose and repair the sign-in issue.


If OneDrive Still Has Issues After the Main Fix

OneDrive shows “Sign in required” even after entering the new password

This usually means the Credential Manager still holds a stale entry for Microsoft Office 365 or the Microsoft Account. Go back to Credential Manager and remove all entries under Windows Credentials that contain the user’s email domain or the word “ADAL.” Also remove any entry named MicrosoftOffice16_Data:ADAL:<tenant ID>. Restart OneDrive.

Error 0x8004de40 appears on a newly provisioned device

If the error appears on a device that was never signed into OneDrive before, the issue is likely a device-level authentication policy. Check the Microsoft Entra ID device registration status. Go to the Microsoft 365 admin center > Devices > All devices. Confirm the device is registered and compliant. If the device is not registered, run dsregcmd /join in an elevated command prompt and restart OneDrive.
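The registration state can also be read on the device itself with dsregcmd /status. The following is an added example, not part of the original checklist: the function names and the sample text are constructed for illustration, and it also reports the AzureAdPrt field (whether the signed-in user holds a primary refresh token), which goes slightly beyond the registration check described above.

```powershell
# Constructed sample of `dsregcmd /status` output; the tenant ID is a placeholder.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
              DomainJoined : NO
                  TenantId : 00000000-0000-0000-0000-000000000000

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
'@ -split "`r?`n"

function ConvertFrom-DsregStatus {
    # Turn every "Name : Value" line into a property; banner lines are skipped.
    param([string[]]$Text)
    $state = [ordered]@{}
    foreach ($line in $Text) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    [pscustomobject]$state
}

function Test-DeviceRegistration {
    # With no argument, reads the live state of the device the script runs on.
    param([string[]]$Text = (& dsregcmd.exe /status))
    $s = ConvertFrom-DsregStatus -Text $Text
    [pscustomobject]@{
        Joined   = ($s.AzureAdJoined -eq 'YES')   # device is joined to Microsoft Entra ID
        HasPrt   = ($s.AzureAdPrt -eq 'YES')      # user has a primary refresh token
        TenantId = $s.TenantId
    }
}

Test-DeviceRegistration -Text $sample   # offline check against the constructed sample
# Test-DeviceRegistration               # uncomment to query the real device
```

Run it in the affected user's session, because the SSO State section of dsregcmd /status describes the account that runs the command.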

Multiple users on the same device get the same error after password resets

This points to a cached credential issue at the machine level rather than the user level. Clear the Windows Credential Manager entries for all users by running a PowerShell script that removes all entries with the prefix MicrosoftOffice16_Data:ADAL:. Then restart the Microsoft Account Sign-in Assistant service. If the error continues, check for a Group Policy that sets a persistent token lifetime. The policy is located at Computer Configuration > Administrative Templates > Windows Components > Microsoft Account > Sign-in. Set the policy to Not configured.
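One way to script the credential cleanup from step 1 of the checklist and from the paragraph above (an added example, not the article's own script). The function names are hypothetical, and the script assumes English-language cmdkey output and the service name wlidsvc for the Microsoft Account Sign-in Assistant. Credential Manager vaults are per user, so "all users" means running it once in each user's session, for example as a logon script.

```powershell
# Run in the affected user's own session: cmdkey only sees the vault of the
# account it runs under. Supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Entry names taken from the checklist on this page.
    [string[]]$Pattern = @('MicrosoftOffice16_Data:ADAL:', 'OneDrive Cached Credential')
)

function Get-StoredCredentialTarget {
    # Pull the target out of each "Target: ..." line (assumes English cmdkey output).
    param([string[]]$CmdkeyOutput)
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') { $Matches[1] }
    }
}

function Remove-StaleOfficeCredential {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Pattern)
    $targets = Get-StoredCredentialTarget -CmdkeyOutput (& cmdkey.exe /list)
    foreach ($target in $targets) {
        $isStale = $false
        foreach ($p in $Pattern) {
            if ($target.IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $isStale = $true }
        }
        if (-not $isStale) { continue }   # leave unrelated credentials alone
        if ($PSCmdlet.ShouldProcess($target, 'cmdkey /delete')) {
            & cmdkey.exe "/delete:$target" | Out-Null
            # Report each deletion with the cmdkey exit code so failures are visible.
            [pscustomobject]@{ Target = $target; Removed = ($LASTEXITCODE -eq 0) }
        }
    }
}

Remove-StaleOfficeCredential -Pattern $Pattern

# Restarting the Microsoft Account Sign-in Assistant (wlidsvc) needs elevation.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Set-Service -Name wlidsvc -StartupType Automatic
    Restart-Service -Name wlidsvc
} else {
    Write-Warning 'Not elevated: credentials were handled, but wlidsvc was not restarted.'
}
```

Run it with -WhatIf first to list the entries it would delete. If elevation switches to a different admin account, the credential step acts on that admin's vault, so run the cleanup as the user and the service restart separately as an administrator.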

Credential Manager vs OneDrive Reset: Key Differences

| Item | Clear Credential Manager | Reset OneDrive |
| --- | --- | --- |
| What it removes | Stored passwords and tokens for Microsoft services | OneDrive sync database, cache, and settings |
| Effect on files | No effect on local files | Local files remain; re-syncs metadata on next launch |
| Effect on sign-in state | Forces OneDrive to prompt for credentials | Resets OneDrive to first-run state |
| When to use | First step for 0x8004de40 after password reset | If clearing credentials does not resolve the error |
| Admin remote execution | Yes, with the cmdkey command-line tool run as the affected user: cmdkey /list to enumerate entries, then cmdkey /delete:<target> for each one | Yes, via OneDrive.exe /reset in a remote session |

The error 0x8004de40 after a password reset is a credential caching issue, not a OneDrive corruption problem. Clear the cached credentials first, then sign out and sign back into OneDrive. If the error persists, reset OneDrive and clear the browser cache. On managed devices, check the device registration status in Microsoft Entra ID. Using the steps in this checklist, you can restore OneDrive sync without reinstalling the app or reimaging the device.

After you resolve the error, consider deploying a proactive policy. Use Intune or Group Policy to set the Microsoft Account Sign-in Assistant startup type to Automatic. This reduces the chance of token cache issues after future password resets. You can also configure a PowerShell script in your device provisioning process that clears stale ADAL tokens on each reboot.
