OneDrive Error 0x8004de40: What It Means and How to Fix It (2026 Updated Guide)

Quick answer

OneDrive error 0x8004de40 means the client cannot reach Microsoft’s sign-in service. It is a connectivity error, not an account error. The fastest reliable fix, in order, is: confirm you actually have working internet, enable TLS 1.2 in Internet Options, reset Winsock from an admin command prompt, and reset the OneDrive client. If none of those work, the problem is almost always a corporate proxy, a security tool, or — on Microsoft Entra-joined devices — a broken device-trust state. Skip to the Advanced fixes section if you’ve already done a basic restart.

Before you start

A few things that matter before you change settings.

Back up anything important that lives only in your OneDrive folder before you start resetting clients or unlinking accounts. None of the steps below should delete files, but if your sync was already half-broken when this error appeared, files marked “online-only” can become unrecoverable if you reset OneDrive on a device that can’t reach the cloud to re-download them. Copy the sensitive files somewhere local first.

You will need administrator rights for some of the commands in this guide — specifically the Winsock reset and the dsregcmd commands. If you’re on a managed work device, your IT admin may have blocked elevation, in which case stop at the user-level steps and send them this article along with the SharePoint and OneDrive admin guide — that’s the right escalation path.

Do not download “OneDrive repair tools” from third-party sites. There is no legitimate first-party repair tool for OneDrive other than the built-in /reset command documented below, and downloading random executables that promise to fix sync errors is one of the easier ways to make this problem genuinely serious instead of merely annoying.

What this error means

0x8004de40 is the OneDrive client’s way of saying “I tried to talk to the Microsoft sign-in endpoint and the conversation failed before authentication even started.” Microsoft’s official documentation describes this as OneDrive “having trouble connecting to the cloud,” which is accurate but vague. In practice, the error fires when one of three things has happened: the network path between your device and login.microsoftonline.com is blocked or rerouted, your Windows TLS configuration can’t negotiate a secure connection that Azure Front Door will accept, or your device-trust relationship with Microsoft Entra is broken so the OS-side single sign-on hand-off fails before OneDrive ever gets a token.

This is important because the error code is connectivity, not credentials. If you keep being asked to sign in, that’s a different family of errors — see microsoft-365-error-caa50021 for the modern sign-in error family. If OneDrive shows the cloud icon but no files sync, that’s onedrive-sync-pending-forever. If you see 0x8004de90 instead, that means OneDrive can reach the cloud but your account isn’t fully provisioned — the fix path is different and is covered in onedrive-error-0x8004de90.

Where this error appears

You’ll see 0x8004de40 most often in the OneDrive sign-in window with the message “There was a problem connecting to OneDrive. Check your Internet connection, and then try again.” It can appear on:

• Windows 10 and Windows 11 OneDrive desktop client (personal and Microsoft 365 work or school accounts).
• The OneDrive sync engine on Mac, though the surface text differs slightly.
• Any device joined to Microsoft Entra ID where the device-trust state is broken — this often surfaces as 0x8004de40 even though the underlying cause is different from a personal-account network failure.

The same error code occasionally appears alongside 0x8004de88 in the same Microsoft documentation; treat them as the same family for diagnostic purposes.

Common causes

In rough order of how often each cause is the actual problem:

• Genuine network outage or no internet. This is far more common than people admit. OneDrive sometimes shows 0x8004de40 for thirty seconds during an ordinary Wi-Fi drop. Confirm before you do anything else.
• TLS 1.2 disabled or misconfigured. Microsoft requires TLS 1.2 for all OneDrive connections. Older Group Policy configurations on managed devices, or anyone who has ever manually toggled Internet Options, can leave TLS 1.2 disabled.
• Authenticated proxy or VPN interfering. OneDrive does not support authenticated proxies. If your network requires a proxy with credentials, OneDrive fails before it ever reaches Microsoft’s servers. Corporate VPNs that do SSL inspection will trigger this too.
• Antivirus or firewall blocking OneDrive. Security tools that scan HTTPS traffic can break the certificate chain Azure Front Door requires. Bitdefender, Kaspersky, and some enterprise endpoint products are the usual suspects.
• Microsoft Entra device-trust broken. On Entra-joined work devices, the device certificate that proves “this machine is allowed to sign users in” can become invalid. The user sees 0x8004de40 because OneDrive can’t get a token; the actual fix is on the device-join side.
• Cached credentials gone bad. Old OneDrive Cached Credential entries in Windows Credential Manager can cause repeated failures even after a password reset.
• Outdated OneDrive client. Microsoft has tightened TLS and cipher-suite requirements multiple times; clients more than a year old will fail against current Azure Front Door cipher requirements.

Fixes to try first

Do these in order. The list is short on purpose. Every step expands the surface of what you’ve changed; if step 1 fixes it, you don’t need step 5.

1. Confirm your internet actually works. Open a browser and load https://onedrive.live.com. If that fails too, your problem isn’t OneDrive — fix the connection. If the web version works but the client doesn’t, continue.

2. Restart OneDrive. Right-click the OneDrive cloud icon in the system tray, choose Quit OneDrive, wait fifteen seconds, then relaunch from the Start menu. Half the time on a flaky network this is enough.

3. Sign out of OneDrive and back in. OneDrive icon → Settings → Account → Unlink this PC, then go through setup again with the same account. This rebuilds the local sync state and clears stale tokens. You will not lose files — they remain in the cloud.

4. Enable TLS 1.0, 1.1, and 1.2 in Internet Options. Press Win+R, type inetcpl.cpl, hit Enter. Go to the Advanced tab, scroll to the Security section, and tick Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2. Microsoft’s official guidance enables all three for compatibility, even though only 1.2 is required, because some older middleware can interfere if 1.0/1.1 are explicitly disabled. Apply, OK, restart, try OneDrive.

5. Disable any active proxy. Settings → Network & Internet → Proxy. Turn off Automatically detect settings, and turn off any manual proxy. Restart and retry. If your workplace requires a proxy, this won’t be your final fix — but it tells you whether the proxy is the cause.

If you’re still seeing 0x8004de40 after these five, the problem is deeper.

Advanced fixes

Each of these is reversible. None require third-party software. The order is from least invasive to most.

Reset Winsock. Winsock is the API layer Windows apps use to talk to network protocols, and it gets corrupted more often than people realize — particularly on machines that have had multiple VPN clients installed and uninstalled over the years. Open Command Prompt as administrator, run:

netsh winsock reset
netsh int ip reset
ipconfig /flushdns

Restart the PC. This step alone fixes a meaningful percentage of 0x8004de40 cases, especially on machines with a history of VPN software.

Reset the OneDrive client. This clears OneDrive’s local configuration without deleting your files. Press Win+R, paste:

%localappdata%\Microsoft\OneDrive\onedrive.exe /reset

Hit Enter. The OneDrive icon will disappear for a minute or two, then reappear and start fresh. If nothing happens after a few minutes, manually relaunch OneDrive from the Start menu. If the path above doesn’t exist, try C:\Program Files\Microsoft OneDrive\onedrive.exe /reset instead.

Clear cached OneDrive credentials. Open Credential Manager from Control Panel, go to Windows Credentials, and look for entries starting with OneDrive Cached Credential or MicrosoftOffice16_Data:SSPI:. Remove them. This is particularly important if your password has been changed recently.

Verify cipher suites match Azure Front Door. This applies to managed Windows devices where Group Policy has restricted the available cipher suites. Microsoft publishes the list of supported cipher suites for Azure Front Door, and if Group Policy has removed all of them, OneDrive cannot negotiate a connection even with TLS 1.2 enabled. Run gpresult /h report.html and check Computer Configuration → Policies → Administrative Templates → Network → SSL Configuration Settings. If the list is restricted, you need an admin to update the GPO.

Rejoin the device to Microsoft Entra ID. Only do this if the device is Entra-joined and the previous fixes haven’t worked. Open Command Prompt as admin while connected to the corporate network and run:

dsregcmd /leave
dsregcmd /join

Restart, sign in to Windows, and OneDrive should now connect. Do not run these commands if you’re not on the corporate network — you’ll leave the device in a half-joined state that requires IT to fix. Microsoft’s official guidance is explicit on this.

If you are on a work or school device

If you’ve reached the dsregcmd step and you don’t have admin rights — which is normal on managed devices — stop. The remaining causes are admin-side and you cannot solve them from a user account.

For the IT person reading this: if a single user is hitting 0x8004de40 and other users on the same device or network are fine, the problem is almost certainly cached credentials or the user’s profile on that machine. If multiple users on the same network are hitting it, look at the proxy, SSL inspection, or recent Conditional Access changes. The SharePoint admin-side access denied guide covers the Conditional Access angle.

If the user is on a brand-new Entra-joined device that has never connected, the device-trust state was probably never established correctly — re-enrol the device.

When to stop

Stop and escalate to your IT admin or stop and accept the workaround if any of the following apply.

You’re on a managed device, you’ve confirmed internet works, and you don’t have local administrator rights. The remaining fixes require elevation. Do not spend hours hunting for ways around UAC; that’s how machines get genuinely broken.

You’ve done the Winsock reset, the OneDrive reset, and the credential cleanup, and the error persists across multiple Microsoft accounts on the same machine. That’s not a OneDrive problem — it’s a system-level network stack problem that needs broader Windows diagnostics, not more OneDrive troubleshooting.

You’re trying these fixes on someone else’s device — particularly a parent’s, a colleague’s, or anyone whose backup state you’re not certain about. The safe option is to use the OneDrive web interface (onedrive.live.com or your tenant’s portal) for now, and let someone with full context on that machine handle the desktop client.

You’ve started seeing other Windows errors after running the network resets — DNS failures, other apps unable to connect, system instability. Roll back what you can (the credential cleanup is reversible by signing in again; the Winsock reset is not, but a system restore point covers it). The fix shouldn’t cost you a working machine.

Related errors

The OneDrive sign-in error family is dense and the codes look similar. The ones worth knowing about:

• OneDrive error 0x8004de90 — looks similar but means your account isn’t provisioned, not that the network is broken.
• OneDrive sync pending forever — the client can connect and signed in, but files won’t move.
• CAA50021 OneDrive sign-in error — work-account sign-in error caused by Conditional Access or Entra device join state.
• 0x8004de85 / 0x8004de8a — account mismatch. You’re signed in with the wrong account for the data you’re trying to sync.
• 0x8004deef — license missing or expired. Your IT admin needs to assign a OneDrive license.

Official references

• Microsoft Learn: Error Code 0x8004de40 or 0x8004de88 when signing in to OneDrive
• Microsoft Support: What do the OneDrive error codes mean?
• Microsoft Learn: Configuring TLS Cipher Suite Order by using Group Policy

FAQ

Is 0x8004de40 a virus or malware? No. It’s a connectivity error in the OneDrive client. Antivirus software is sometimes the cause of the error (because it interferes with HTTPS traffic), but the error itself is not a security threat.

Will resetting OneDrive delete my files? No. The onedrive.exe /reset command clears local configuration and re-syncs, but your files remain in the cloud and on disk. You may need to re-enter sign-in details and reconfigure which folders sync. If you have files marked “online-only” that you can’t re-download because of this error, copy them somewhere local first as a precaution.

I fixed it once and now it’s back. Why? Two likely reasons. First, if a Windows Update or a security tool update changed your TLS or cipher suite configuration, the fix can revert. Second, on Entra-joined devices, device-trust certificates expire and need re-issuing — if your fix was dsregcmd /leave followed by /join, that holds until the next certificate cycle.

Why does the OneDrive web version work but the client doesn’t? The web version uses your browser’s network stack, which has different TLS settings, cipher support, and proxy handling than the OneDrive client uses. A working web version proves your account and credentials are fine — the problem is between the OneDrive desktop client and Microsoft’s infrastructure, not between you and your account.

Should I uninstall and reinstall OneDrive? Only as a last resort, and only after the /reset command. A full reinstall takes longer, requires re-downloading all your synced files, and rarely fixes anything that /reset doesn’t. The exception is when your installed client is more than a year old — in that case, uninstall, download the latest version directly from Microsoft, and reinstall.

My company uses a proxy. Will OneDrive ever work? Yes, but only if the proxy doesn’t require user authentication. OneDrive supports unauthenticated proxies set in netsh winhttp configuration. If your workplace proxy requires sign-in, OneDrive cannot use it and you need to either bypass the proxy for OneDrive endpoints (your IT can configure this) or use the web version.