After resetting your Microsoft 365 password, you might see error code 0x8004de40 when trying to sign in to OneDrive for Business on a company-managed device. This error typically appears because cached credentials stored by Windows Credential Manager become stale after a password change. The sync client cannot authenticate with the new password, causing the sign-in to fail. This guide explains why the error occurs and provides step-by-step methods to resolve it on managed Windows 10 and Windows 11 devices.
Key Takeaways: Fixing the 0x8004de40 Sign-In Error After Password Reset
- Windows Credential Manager > Windows Credentials > OneDrive Cached Credentials: Remove all entries related to OneDrive and MicrosoftOffice16 to force re-authentication.
- OneDrive Settings > Account > Unlink this PC: Disconnects the sync client and clears local authentication tokens stored in the registry.
- Run command:
%localappdata%\Microsoft\OneDrive\onedrive.exe /reset: Resets the OneDrive sync client without affecting your local files.
Why the 0x8004de40 Error Occurs After a Password Reset
Error 0x8004de40 is a sign-in failure code that indicates the OneDrive sync client cannot authenticate with the Microsoft 365 identity platform. On managed devices, the primary cause is stale cached credentials stored in Windows Credential Manager. When you change your Microsoft 365 password, the old credentials remain in the credential store. The OneDrive client attempts to use these outdated credentials, which are rejected by Azure Active Directory. The sync client then fails to obtain a valid token, resulting in the 0x8004de40 error.
Managed devices often have additional security policies, such as Conditional Access or multi-factor authentication, that can compound the issue. If the cached credentials are not cleared, the sync client may also show a persistent red circle with a white X in the system tray. The error may appear immediately after the password reset or after the next device restart.
The Role of Windows Credential Manager in OneDrive Authentication
Windows Credential Manager stores web credentials, Windows credentials, and generic credentials used by applications. OneDrive for Business stores its authentication tokens under the Windows Credentials section. The entries typically appear as “MicrosoftOffice16_Data:ADAL:
Why Managed Devices Are More Affected
On managed devices, IT administrators often configure OneDrive to start automatically with Windows and enable features like Known Folder Move. These settings can cause the sync client to attempt re-authentication immediately after a password reset. Additionally, group policies may prevent users from manually unlinking their account in OneDrive settings. This increases the likelihood of encountering the 0x8004de40 error.
Steps to Clear Stale Credentials and Fix the Sign-In Error
- Close OneDrive completely
Right-click the OneDrive cloud icon in the system tray and select Settings. In the Microsoft OneDrive window, go to the Account tab and click Unlink this PC. Confirm the unlink when prompted. This stops the sync client from attempting authentication while you clear credentials. - Open Windows Credential Manager
Press the Windows key and type Credential Manager. Click Credential Manager in the search results. In the Credential Manager window, click Windows Credentials. - Remove OneDrive and Office cached credentials
Scroll down to the Generic Credentials section. Look for entries containing “MicrosoftOffice16_Data:ADAL” and “OneDrive Cached Credentials”. Click the arrow next to each entry and select Remove. Confirm the removal. Also remove any entries that start with “Microsoft.AAD.BrokerPlugin” if present. These are Azure AD broker tokens that may also be stale. - Reset the OneDrive sync client
Press Windows key + R to open the Run dialog. Type the following command and press Enter:%localappdata%\Microsoft\OneDrive\onedrive.exe /reset. A command window will flash briefly. Wait 30 seconds for the reset to complete. The OneDrive setup window should appear automatically. If it does not, press Windows key + R again and run:%localappdata%\Microsoft\OneDrive\onedrive.exe. - Sign in with your new password
In the OneDrive setup window, enter your work or school email address. Click Sign in. On the sign-in page, enter your new Microsoft 365 password. If multi-factor authentication is enabled, complete the verification prompt. Select the folders you want to sync and click Next. Click Start sync. - Verify the error is resolved
Check the OneDrive system tray icon. It should show a solid blue cloud or a blue cloud with a check mark. Open File Explorer and navigate to your OneDrive folder. Confirm that files are syncing by creating a test document and verifying it appears in the online OneDrive web portal.
If the Error Persists After Clearing Credentials
OneDrive still shows 0x8004de40 after removing credentials
If the error continues, the cached token may be stored in the Windows registry. Press Windows key + R, type regedit, and press Enter. Navigate to HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1. Right-click the Business1 key and select Delete. Confirm the deletion. Restart the OneDrive sync client using the command from step 4. You will need to sign in again.
You cannot unlink OneDrive because the option is grayed out
Managed devices may have group policies that disable the unlink option. In this case, use the credential removal method only. After removing the credentials from Credential Manager and resetting OneDrive, the sign-in window will appear automatically. Enter your new password to re-authenticate. The unlink step is optional for the fix to work.
Error 0x8004de40 appears on multiple managed devices
If you manage multiple devices, use a PowerShell script to automate credential removal. Run PowerShell as Administrator and execute the following command: cmdkey /list | ForEach-Object{if($_ -like "MicrosoftOffice16" -or $_ -like "OneDrive"){cmdkey /delete:$_}}. This removes all matching stored credentials in one pass. Then reset OneDrive on each device.
Manual Credential Removal vs OneDrive Reset: Key Differences
| Item | Manual Credential Removal via Credential Manager | OneDrive Reset via /reset Command |
|---|---|---|
| What it clears | Stale password hashes and tokens stored by Windows | Local OneDrive configuration, cache, and sync database |
| Effect on local files | None | None |
| Effect on sync status | Forces re-authentication on next sign-in attempt | Resets sync relationships and clears error states |
| Time to complete | 2 to 5 minutes | 30 seconds to 2 minutes |
| Requires admin rights | No | No |
| Best used when | Error appears immediately after password change | Error persists after credential removal or after a device restart |
For most cases, removing credentials from Credential Manager followed by a OneDrive reset provides the fastest resolution. If the error reappears after a future password reset, repeat only the credential removal step.
You can now resolve the 0x8004de40 sign-in error on managed devices by clearing stale credentials and resetting the OneDrive sync client. After completing the steps, OneDrive will authenticate with your new password and resume syncing files. To prevent future errors, consider using the Windows Credential Manager shortcut control /name Microsoft.CredentialManager to access the tool quickly after password resets. For IT administrators, deploying a PowerShell script that runs cmdkey /delete for Office entries during password change workflows can reduce support tickets.