Remote workers who reset their Microsoft 365 password often see error 0x8004de40 when they try to sign into OneDrive. The error message typically says “Sign in required” or “Something went wrong” with no clear next step. This happens because OneDrive caches the old authentication token locally, and the new password alone does not force a refresh of that token. This article provides an admin checklist to resolve the 0x8004de40 error for remote workers, covering token removal, credential manager cleanup, and group policy settings that prevent the issue from recurring.
Key Takeaways: Resolving OneDrive Error 0x8004de40 After Password Reset
- OneDrive Settings > Account > Unlink this PC: Forces OneDrive to discard cached tokens and start a fresh sign-in flow.
- Windows Credential Manager > Windows Credentials: Delete all entries that contain “MicrosoftOffice” or “OneDrive” to remove stale tokens.
- PowerShell script for remote token cleanup: Run `Get-ChildItem "$env:LOCALAPPDATA\Microsoft\OneDrive\settings\Business1\" -Filter *.dat | Remove-Item -Force` to delete cached token files without user interaction.
Why Error 0x8004de40 Occurs After a Password Reset
When a user changes their Microsoft 365 password, the authentication tokens stored by OneDrive on the local machine become invalid. OneDrive does not automatically detect the password change and continues trying to use the expired token. The result is error 0x8004de40, which indicates that the token stored in the Windows Credential Manager or in the OneDrive token cache file is no longer valid.
Remote workers are especially affected because they are not connected to the corporate network when the password reset occurs. OneDrive cannot receive a push notification about the credential change, and the local token cache remains untouched until the user manually triggers a sign-out. The error appears as a persistent red banner in the OneDrive system tray icon, and the sync engine stops processing files.
Two separate caches hold the invalid token:
- Windows Credential Manager: Stores the OAuth token that Windows uses for Microsoft 365 apps.
- OneDrive local settings folder: Stores a cached session token in a .dat file.
Both locations must be cleared before OneDrive can request a new token with the updated password.
Admin Checklist: Steps to Fix Error 0x8004de40 for Remote Workers
Use this checklist in order. Each step builds on the previous one. If the user is remote and cannot come into the office, provide these instructions via email or a remote support tool. For users who are not comfortable with Credential Manager, skip to Step 3, which uses a PowerShell script.
Step 1: Unlink OneDrive from the PC
- Open OneDrive Settings
  Right-click the OneDrive cloud icon in the system tray and select Settings. Go to the Account tab.
- Click Unlink this PC
  Below the account email address, click Unlink this PC. Confirm the prompt. This removes the cached token from the OneDrive settings folder but does not delete local files.
- Close OneDrive completely
  Right-click the OneDrive icon again and select Exit. Wait 10 seconds before proceeding.
Step 2: Clear Windows Credential Manager
- Open Credential Manager
  Press Windows + R, type `control keymgr.dll`, and press Enter. Alternatively, search for “Credential Manager” in the Start menu.
- Select Windows Credentials
  Click Windows Credentials at the top of the window.
- Remove all MicrosoftOffice and OneDrive entries
  Scroll through the list under “Generic credentials.” Look for entries that start with MicrosoftOffice or contain OneDrive. Click the arrow to expand each entry, then click Remove. Confirm the deletion. Do not skip any entries that contain “Microsoft” or “OneDrive.”
- Restart the computer
  A restart ensures that the credential cache is fully cleared. If restarting is not possible, sign out and sign back in.
Step 3: Use PowerShell to Clear OneDrive Token Cache Remotely
For remote workers who are not comfortable with Credential Manager, run this PowerShell script via a remote management tool or provide it as a text file to run locally.
- Open PowerShell as Administrator
  Press Windows + X and select Windows PowerShell (Admin). If prompted by User Account Control, click Yes.
- Run the token cache cleanup command
  Copy and paste the following command, then press Enter:

  ```powershell
  Get-ChildItem "$env:LOCALAPPDATA\Microsoft\OneDrive\settings\Business1\" -Filter *.dat | Remove-Item -Force
  ```

  This deletes all .dat files in the Business1 folder where OneDrive stores session tokens. The folder name may vary if the user has multiple work or school accounts; repeat the command with Business2, Business3, etc., if needed.
- Clear Credential Manager via PowerShell
  Run this command to remove all Microsoft Office credentials:

  ```powershell
  vaultcmd /listcreds:"Windows Credentials" | Select-String "MicrosoftOffice" | ForEach-Object { vaultcmd /deletecreds:"Windows Credentials" /credentialid:"$($_.ToString().Split(':')[1].Trim())" }
  ```

  If the command fails, manually delete the credentials using Step 2.
- Restart OneDrive
  Press Windows + R, type `onedrive`, and press Enter. Sign in with the new password.
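A fuller version of the Step 3 cleanup, as an added example that is not from the original article: the function name `Clear-OneDriveTokenCache` is hypothetical, and it uses the built-in `cmdkey` tool in place of the article's `vaultcmd` one-liner, assuming English-language `cmdkey /list` output. It covers every `Business*` folder, supports `-WhatIf`, and has to run in the affected user's own session, because `$env:LOCALAPPDATA` and Credential Manager are both per-user.

```powershell
# Added example (hypothetical function name); not part of the original article.
# Run in the affected user's session: as SYSTEM or another admin account,
# $env:LOCALAPPDATA and Credential Manager point at the wrong profile.
function Clear-OneDriveTokenCache {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Substrings to match in credential targets, as named in Step 2.
        [string[]]$TargetPattern = @('MicrosoftOffice', 'OneDrive')
    )

    # Stop the sync client so cache files are not locked or rewritten mid-cleanup.
    # -WhatIf propagates to Stop-Process automatically.
    Get-Process -Name OneDrive -ErrorAction SilentlyContinue | Stop-Process -Force

    # 1. Cached .dat files for every work or school account (Business1, Business2, ...).
    $root  = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive\settings'
    $files = @()
    if (Test-Path $root) {
        $files = @(Get-ChildItem -Path $root -Directory -Filter 'Business*' |
            ForEach-Object { Get-ChildItem -Path $_.FullName -File -Filter '*.dat' })
    }
    foreach ($f in $files) {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete cached token file')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }

    # 2. Matching Credential Manager entries. Assumes English output ("Target:").
    $regex   = ($TargetPattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $targets = @(foreach ($line in (cmdkey /list)) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $t = $Matches[1]
            if ($t -match $regex) { $t }
        }
    })
    foreach ($t in $targets) {
        if ($PSCmdlet.ShouldProcess($t, 'Delete stored credential')) {
            cmdkey "/delete:$t" | Out-Null
        }
    }

    # Counts of matched items, so the run can be logged by the management tool.
    [pscustomobject]@{ TokenFiles = $files.Count; Credentials = $targets.Count }
}

# Dry run first: lists every file and credential that would be removed.
Clear-OneDriveTokenCache -WhatIf
```

Review the `-WhatIf` output before running the function without it, since the `OneDrive` pattern also matches credentials stored for personal OneDrive accounts.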
Step 4: Verify Sync and Re-enable Files On-Demand
- Check OneDrive status
  Click the OneDrive cloud icon. The status should show “Up to date” with no error banner.
- Re-enable Files On-Demand
  Open OneDrive Settings, go to the Sync and backup tab, and under Files On-Demand, check the box for Save space and download files as you use them. Click OK.
If OneDrive Still Has Issues After the Main Fix
OneDrive error 0x8004de40 reappears after a few hours
This indicates that a secondary token cache exists in the user’s browser profile. Clear the browser cache for Microsoft Edge, Chrome, or Firefox. In Edge, go to Settings > Privacy, search, and services > Clear browsing data > Choose what to clear. Select Cookies and other site data and Cached images and files, then click Clear now.
OneDrive prompts for password even after signing in successfully
The user may have an old work or school account still attached. Open OneDrive Settings > Account and check if multiple accounts appear under Account. Remove any account that is no longer in use by clicking Remove account next to it.
Error persists for multiple remote workers after a mass password reset
Consider deploying a Group Policy Object that disables OneDrive token caching for remote workers. In the Microsoft 365 admin center, go to Settings > Org settings > OneDrive > Sync and enable Require users to sign in with their work or school account. This forces OneDrive to re-authenticate every time the app starts, preventing cached tokens from causing errors after a password change.
Token Cache Cleanup Methods: Comparison
| Item | Manual Unlink + Credential Manager | PowerShell Script |
|---|---|---|
| User skill required | Basic Windows navigation | Ability to run PowerShell as admin |
| Remote execution | User must follow instructions | Can be pushed via RMM or Intune |
| Clears OneDrive token cache | Yes, via Unlink | Yes, deletes .dat files directly |
| Clears Credential Manager | Yes, manual removal | Yes, via vaultcmd command |
| Risk of data loss | None | None |
After completing the checklist, the remote worker can sign into OneDrive with the new password and resume syncing files. To prevent error 0x8004de40 from recurring, configure a Microsoft 365 conditional access policy that requires re-authentication every 90 days. For users who frequently reset their passwords, enable the Sign out of all sessions option in the Microsoft 365 admin center when performing the reset. This invalidates all cached tokens at the server level, so OneDrive requests a fresh token immediately after the password change.