Error Code 0x8004de40 or 0x8004de88 when signing in to OneDrive
Symptoms
When you sign in to Microsoft OneDrive, you receive the following error message:
OneDrive Can't sign in. Error 0x8004de40
Login was either interrupted or unsuccessful. Please try logging in again. (Error Code: 0x8004de40)
We can't sign into your account, please try again later 0x8004de88
Error Code 0x8004de40 or 0x8004de88 indicates OneDrive is having trouble connecting to the cloud.
Resolution
First, verify that you are connected to the internet. If the affected device is not connected, see Fix Wi-Fi connection issues in Windows.
Make sure that you carefully review information about TLS deprecation. That change might also cause this error.
If the device is connected to the internet and TLS has been updated, continue to the following steps based on the version of Windows that the device is running.
Windows 10
Solution 1: Check cipher suites settings
Even after you upgrade to TLS 1.2, it's important to make sure that the cipher suites settings match Azure Front Door requirements, because Microsoft 365 and Azure Front Door provide slightly different support for cipher suites.
For TLS 1.2, the following cipher suites are supported by Azure Front Door:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
To add cipher suites, either deploy a group policy or use local group policy as described in Configuring TLS Cipher Suite Order by using Group Policy.
Important
Edit the order of the cipher suites to ensure that these four suites are at the top of the list (the highest priority).
Alternatively, you can use the Enable-TlsCipherSuite cmdlet to enable the TLS cipher suites. For example, run the following command to enable a cipher suite as the highest priority:
Enable-TlsCipherSuite -Name "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" -Position 0
This command adds the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite to the TLS cipher suite list at position 0, which is the highest priority.
Important
After you run Enable-TlsCipherSuite, you can verify the order of the cipher suites by running Get-TlsCipherSuite. If the order doesn't reflect the change, check if the SSL Cipher Suite Order Group Policy setting configures the default TLS cipher suite order.
For more information, see What are the current cipher suites supported by Azure Front Door?.
Solution 2: Check TLS protocols
Use the following steps:
- Press Windows logo key+R to open the Run window.
- Type
inetcpl.cpl, and press Enter. - Navigate to the Advanced tab, and enable all three TLS protocols by selecting the check boxes for the TLS 1.0, TLS 1.1, and TLS 1.2 options.
- Select Apply and then OK to save the changes.
Solution 3: Restart the device
Restart the device while it is connected to your Microsoft Entra domain. If that doesn’t fix the problem, unjoin your device from Microsoft Entra ID and rejoin it, by using the following steps.
Important
You must be connected to your organization’s network when you do these steps. Don’t do these steps if you aren’t connected to your organization’s infrastructure (for example, while traveling).
- Open an elevated Command Prompt window. To do this, select Start, right-click Command Prompt, and then select Run as administrator.
- Type
dsregcmd /leave, and press Enter. - After the command runs, type
dsregcmd /join, and press Enter. - After the command runs, close the Command Prompt window.
- Restart the computer, and log in to OneDrive.
Windows 8, Windows 7 or Windows Server 2012/2008 R2(SP1)
If you're using Windows 8, Windows 7 Service Pack 1 (SP1), Windows Server 2012 or Windows Server 2008 R2 SP1, see the following solutions.
- The Easy Fix Tool can add TLS 1.1 and TLS 1.2 Secure Protocol registry keys automatically. For more information, see Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
- For Windows 8, install KB 3140245, and create a corresponding registry value.
- For Windows Server 2012, the Easy Fix Tool can add TLS 1.1 and TLS 1.2 Secure Protocol registry keys automatically. If you're still receiving intermittent connectivity errors after you run the Easy Fix Tool, consider disabling DHE cipher suites. For more information, see Applications experience forcibly closed TLS connection errors when connecting SQL Servers in Windows.
If none of these solutions fix the issue, consider checking the cipher suite settings and order. For more information, see Solution 1 in the Windows 10 section.
All computers
If you have completed all the previous steps, consider doing a reset of OneDrive.