New employees at your organization see the OneDrive sign-in error 0x8004de40 right after resetting their temporary password. The error message typically reads “Something went wrong” or “We couldn’t sign you in” with the code 0x8004de40. This error occurs because the cached credentials on the device still reference the old password, and OneDrive fails to refresh the authentication token. This guide explains the exact cause of the 0x8004de40 error after a password reset and provides the steps to fix it quickly for new hires.
Key Takeaways: Fix OneDrive 0x8004de40 After Password Reset
- Windows Credential Manager > Windows Credentials > OneDrive Cached Credentials: Remove all entries related to OneDrive and Microsoft Office to force a fresh sign-in.
- OneDrive Settings > Account > Unlink this PC: Disconnects the device from the old authentication context and allows a new sign-in with updated credentials.
- OneDrive process restart via Task Manager: Ends the stuck authentication flow and reloads OneDrive with the new token from the Password Reset.
Why the 0x8004de40 Error Occurs After a Password Reset
When a new employee resets their password, Microsoft Entra ID revokes all existing access tokens for that user. OneDrive for Business, however, does not immediately detect the token invalidation. The application continues to use the cached credentials stored in the Windows Credential Manager. These cached credentials still hold the old password hash, which is no longer valid. When OneDrive attempts to contact the Microsoft 365 authentication service, the server rejects the stale token and returns the 0x8004de40 error.
The error code 0x8004de40 specifically maps to AADSTS50076 or AADSTS50079 on the server side, which indicates that the user must reauthenticate because the password changed. The local OneDrive client does not automatically prompt for new credentials in all scenarios. This behavior is by design to prevent frequent sign-in prompts, but it creates a problem after a password reset.
The device itself is not faulty. The network connection is working. The Microsoft 365 license is active. The problem is purely a token mismatch between the local credential cache and the cloud authentication service. Clearing the old cache and forcing a fresh authentication cycle resolves the error.
Steps to Fix the 0x8004de40 Error for New Employees
Perform these steps in the exact order shown. Do not skip the credential removal step, because OneDrive will reuse the cached password if you only restart the app.
- Close OneDrive completely
Right-click the OneDrive cloud icon in the system tray near the clock. Select Settings. In the Settings window, click the Account tab. Click Unlink this PC. Confirm the unlink prompt. After unlinking, right-click the OneDrive icon again and select Exit. Verify that no OneDrive process remains by pressing Ctrl+Shift+Escape to open Task Manager. Look for “Microsoft OneDrive” in the Processes tab. If it appears, right-click and choose End task. - Open Windows Credential Manager
Press the Windows key and type Credential Manager. Click the result to open it. Select Windows Credentials from the top menu. Scroll through the Generic Credentials list. Look for any entry that contains “OneDrive”, “MicrosoftOffice”, “Microsoft_AAD_BrokerPlugin”, or “ADAL”. Common entries include:
–Microsoft.OneDrive
–MicrosoftOffice16_Data:ADAL:...
–Microsoft.AAD.BrokerPlugin
Click each entry to expand it, then click Remove. Confirm the deletion. Remove all entries that relate to Microsoft 365 sign-in, not just OneDrive. - Clear the Windows Store cache
Press the Windows key and type wsreset.exe. Right-click the result and choose Run as administrator. A blank Command Prompt window will open and close automatically. This resets the Microsoft Store cache, which stores some authentication tokens for Office and OneDrive. - Restart the device
Click Start, then the Power icon, and select Restart. Do not use Shut down and then turn on again. Restart ensures that Windows clears all temporary token caches and refreshes the credential manager state. - Sign in to OneDrive with the new password
After the device restarts, press the Windows key and type OneDrive. Click the OneDrive desktop app to launch it. Enter the new employee’s work email address. On the sign-in page, enter the new password that was set after the reset. Complete the OneDrive setup wizard. The sync should start without the 0x8004de40 error. - Verify the sync status
Click the OneDrive icon in the system tray. The status should show “Up to date” or a sync progress bar. Open File Explorer and navigate to the OneDrive folder. Confirm that files appear and are accessible. If the error reappears, repeat steps 1 through 3 and check if any credential entries were missed.
If OneDrive Still Shows Error 0x8004de40 After the Main Fix
OneDrive error appears only on shared or synced team sites
Some users can sign in to their personal OneDrive but see the error when accessing SharePoint document libraries synced through OneDrive. This happens because each SharePoint sync site has its own cached authentication token. Open OneDrive Settings, go to the Account tab, and click Choose folders for the affected SharePoint site. Unsync the site completely. Then click Add a shortcut to OneDrive from the SharePoint site in the browser and sync it again.
Error continues after unlinking and credential removal
If the error persists, the device may have a corrupted Windows profile or a stale Microsoft Entra join token. Open a Command Prompt as administrator and run dsregcmd /leave. This removes the device from Microsoft Entra ID. Restart the device. Then run dsregcmd /join to rejoin. After rejoining, sign in to OneDrive again. This step is only necessary for Microsoft Entra joined devices, not for personal Microsoft accounts.
Error appears on a shared or kiosk device
On shared devices where multiple users sign in, the credential cache for one user can interfere with another user’s session. Use the Other user sign-in option on the Windows lock screen. Sign in with the new employee’s credentials. Then launch OneDrive from that user session. Do not use the previous user’s cached profile.
Manual Credential Removal vs Unlink OneDrive: Key Differences
| Item | Manual Credential Removal via Credential Manager | Unlink OneDrive via Settings |
|---|---|---|
| Scope | Removes all cached Microsoft 365 tokens, including Office and SharePoint | Removes only the OneDrive-specific connection to the current user’s account |
| Persistence | Tokens are deleted from the local store permanently until next sign-in | OneDrive removes the account link but the token cache remains in Credential Manager |
| When to use | Required after a password reset to clear the old password hash | Useful for switching accounts or troubleshooting sync without a password change |
| Effect on Office apps | All Office apps will prompt for sign-in again after removal | Office apps may still work because their tokens are separate from OneDrive’s link |
The 0x8004de40 error after a password reset is now resolved for the new employee. The employee can access OneDrive files and sync SharePoint libraries without interruption. To prevent this issue for future new hires, configure a group policy in Microsoft Entra ID that forces token refresh on password change. You can find this setting in Entra Admin Center > Identity > Devices > Device Settings > Require multi-factor authentication to join devices. Enable it to invalidate all cached tokens immediately when a password is reset.