This is a scenario page for the caa50021 error code. For the full diagnostic, start at the code hub.

CAA50021 in OneDrive: Why It Happens and How to Fix It

Quick answer

CAA50021 in OneDrive is the same root cause as in Outlook and Teams — a Windows Web Account Manager state issue — but with one OneDrive-specific complication: a personal OneDrive (@outlook.com) and a work OneDrive (@yourcompany.com) on the same device fight each other for the WAM cache. The fix sequence is to unlink the work account in OneDrive, clear WAM with dsregcmd /cleanupaccounts, restart, and re-pair the work account. The OneDrive reset command in the advanced section is safe — it does not delete your files.

If you’re new to this error, read the Microsoft 365 CAA50021 hub first. This page covers the OneDrive-specific layer.

Before you start

  • CAA50021 only affects work or school OneDrive (OneDrive for Business). A personal OneDrive sign-in (@outlook.com, @hotmail.com) won’t produce this error. If you’re seeing it, the account is you@yourcompany.com or similar.
  • Your files are safe. Nothing in this guide deletes synced files. The OneDrive reset in the advanced section in particular is often misunderstood — it clears settings and local cache metadata, but the actual files in your OneDrive folder remain on disk.
  • Note whether you have both a personal and a work OneDrive on the device. This is the single most common OneDrive-specific cause of CAA50021. If both are paired, the fix order in this guide differs slightly — read step 2 before doing anything.
  • You’ll need administrator rights on Windows for the high-yield WAM fix. If you don’t have them on a managed device, do the OneDrive-side steps and stop.

What CAA50021 in OneDrive actually means

The error appears in two places in the OneDrive client:

  1. During account add. You click the OneDrive cloud icon in the system tray, choose Sign in, enter your work email, and after MFA the dialog returns CAA50021 instead of completing.
  2. As a banner on an already-paired account. The cloud icon turns gray with a red X, you click it, and the message reads “There’s a problem with your account. Please sign in again.” Clicking through produces CAA50021.

Both have the same root: WAM tried to broker a token for the OneDrive client and failed multiple times silently before surfacing the generic CAA50021. OneDrive doesn’t have its own credential cache the way Outlook has profiles or Teams has its own cache — it leans almost entirely on WAM. That makes OneDrive a clean signal: when CAA50021 happens here, WAM is the problem.

Where in OneDrive this appears

CAA50021 in OneDrive typically hits during one of these moments:

  • When trying to add a work OneDrive on a device that already has a personal OneDrive set up. The single most common OneDrive-specific trigger.
  • After a password change. WAM holds the old token state.
  • After an MFA reset or first-time MFA enablement.
  • After a Windows quality update. Several Patch Tuesday cumulatives have triggered WAM-state issues that surface in OneDrive sign-in.
  • On a virtual machine running Windows Server with the OneDrive client. Server SKUs handle WAM differently than client SKUs and are more likely to surface this error.
  • After a tenant migration — OneDrive may keep cached references to the old tenant.

Common causes (OneDrive-specific)

These overlap with the hub article causes, with extras specific to OneDrive.

1. WAM holds a stale work-account entry. The dominant root cause everywhere — and again the most common in OneDrive. A password change, an MFA event, or a recent Windows update can leave WAM holding a token state that no longer matches what Entra ID will accept.

2. A personal OneDrive is paired alongside the work OneDrive. OneDrive supports multiple accounts (one personal plus multiple work accounts), but the pairing process fights with WAM in specific ways. The work-account add can fail with CAA50021 even though the personal account is fine. The fix is usually to unlink the work account, clear WAM, and pair the work account first before touching the personal one.

3. The device is not registered with Entra ID. A device that signs in correctly to Office apps but fails specifically on OneDrive sometimes has a stale or incomplete device-registration state. dsregcmd /status will show whether the device is joined or registered.

4. Conditional access blocks the sync client. Conditional-access policies sometimes treat the OneDrive sync client as a different client type than the Office desktop apps. A policy that allows Outlook can block OneDrive. The error code is the same; the admin-side fix is different.

5. The OneDrive client is on an old build. Microsoft has shipped multiple OneDrive updates that address WAM-related sign-in issues. An OneDrive client more than a few months behind current is a meaningful contributor.

Fixes to try first

Do these in order. Don’t reinstall OneDrive as a first step — it does not clear WAM, and it does not help.

1. Restart cleanly

Hold Shift while clicking Restart from the Start menu. This forces a kernel reload rather than fast-startup hibernation. A meaningful share of CAA50021 cases clear after a real restart.

If your work OneDrive is already paired but failing, unlink it before doing anything WAM-side. This is safe — your files stay where they are.

  1. Click the OneDrive cloud icon in the system tray.
  2. Click the gear icon, then Settings.
  3. Go to the Account tab.
  4. Find your work account and click Unlink this PC.

OneDrive will stop syncing the work account but will leave the existing files in your OneDrive - YourCompany folder. Don’t delete that folder — the next pairing will re-attach to it.

3. Run dsregcmd /cleanupaccounts

This is the high-yield WAM fix.

  1. Press Windows key, type cmd, right-click Command Prompt, and choose Run as administrator.
  2. Type: 
    dsregcmd /cleanupaccounts
    and press Enter. The command returns silently — no progress bar, no confirmation. That is correct.
  3. Restart the device.

4. Confirm the work account is connected at the device level

  1. Open Settings → Accounts → Access work or school.
  2. Verify your work account is listed.
  3. If it isn’t, click Connect and add it. Sign in with your work credentials. You’ll be prompted for MFA.
  4. If it is listed but shows an error or warning, click it and choose Disconnect, restart, then re-add.

5. Re-pair OneDrive with the work account

  1. Open the OneDrive client (search OneDrive in the Start menu).
  2. Sign in with your work email.
  3. Complete MFA when prompted.
  4. When asked where to put the OneDrive folder, point it at the existing OneDrive - YourCompany folder. OneDrive will scan, find the existing files, and resume sync rather than re-downloading.

If sign-in succeeds but you immediately hit a sync error like 0x8004de40 or 0x8004de90, those are downstream issues — see OneDrive error 0x8004de40 and OneDrive error 0x8004de90.

Advanced fixes

If the steps above didn’t resolve it, the next round of fixes is more invasive but still safe.

Reset the OneDrive client

OneDrive’s reset command is widely misunderstood. It does not delete your files. It clears the client’s local settings and cache metadata, then re-pairs from scratch.

  1. Press Windows key + R to open Run.
  2. Paste: 
    %localappdata%\Microsoft\OneDrive\onedrive.exe /reset
    and press OK.
  3. Wait 1–2 minutes. The OneDrive icon will disappear from the system tray.
  4. If OneDrive doesn’t auto-restart, search OneDrive in the Start menu and launch it manually.
  5. Sign in with your work credentials.

If the reset command returns “not recognized” or path-not-found, the OneDrive install is at a different path. Try C:\Program Files\Microsoft OneDrive\onedrive.exe /reset instead.

After reset, OneDrive re-pairs and re-scans the local OneDrive folder. Files already on disk are not re-downloaded — OneDrive matches them against the cloud and resumes sync. This is genuinely safe; the warnings you see online about reset “deleting everything” are inaccurate.

Clear stale OneDrive credentials in Credential Manager

  1. Press Windows key, type Credential Manager, and open it.
  2. Click Windows Credentials.
  3. Under Generic Credentials, look for entries containing OneDrive Cached Credential or your work email.
  4. Expand each and click Remove.
  5. Restart OneDrive.

Update OneDrive

Get the latest OneDrive build manually:

  1. Search OneDrive in the Start menu and right-click → Properties, or check the gear icon → Settings → About for current version.
  2. If the version is older than the current one published on the OneDrive release notes page, download a fresh installer from Microsoft and run it. The installer is non-destructive — it updates in place.

Check device-registration state

Run dsregcmd /status from an elevated prompt and confirm:

  • AzureAdJoined is YES if your device should be Microsoft Entra joined.
  • WorkplaceJoined reflects your expected device-registration state.

If both are NO and you expected at least one to be YES, the device has lost its registration. On an unmanaged device, re-add the work account in Settings → Accounts → Access work or school. On a managed device, this is the admin checklist territory.

If you are on a work or school device

On a managed device (Intune-enrolled, BitLocker on, hybrid-joined, “Company Portal” installed), do steps 1–5 from Fixes to try first and stop. Specifically:

  • Do not run dsregcmd /leave on a hybrid-joined device.
  • Do not delete certificates from the personal certificate store.
  • Don’t unenroll from Intune.

If those steps don’t resolve it, the issue is upstream — a conditional-access policy that blocks the OneDrive sync client specifically, an Intune compliance failure, or a stale device record. None of these are end-user fixable. The admin-side checklist covers what IT needs to verify; send it to your IT team along with a screenshot of the error and the time it started.

When to stop

Stop and escalate if:

  • You’ve worked through the fixes above and CAA50021 persists, and the device is corporately managed.
  • The error appears alongside a “Your files are not yet synced” banner and OneDrive is showing zero files in the local folder. Don’t keep trying — get IT involved before any local data state drifts further.
  • Sign-in succeeds but immediately fails with a different OneDrive error code in the 0x8004de** family. Switch over to that error’s specific guide — see 0x8004de40 and 0x8004de90.
  • Multiple users on the same tenant report the issue at the same time. That’s an admin-side problem.
  • The device is a Windows Server VM. OneDrive on Server SKUs has different supported configurations and is best handled by IT directly.
  • Microsoft 365 error CAA50021 (hub)
  • CAA50021 in Outlook
  • CAA50021 in Microsoft Teams
  • OneDrive error 0x8004de40
  • OneDrive error 0x8004de90

Official references

↑ Back to top