OneDrive gets set up, then complains on second login.

Wasn't sure how to write the subject line. My OneDrive policies are set up to auto-login the user and then configure known folders. That all works great on first login.


Then, when you log out and log in again, I immediately get the "OneDrive isn't signed in" error.



All one has to do at that point is click "Ok" and it will log them in. But I cannot seem to understand why this happens. It is really annoying since scripts need to run to sync SharePoint shares and lots of times this dialog goes unseen and so the scripts don't run. It is also not a user-friendly type of thing.


This ONLY happens with the second login. Each subsequent is fine.


My settings are this:


I'm not sure what could be causing this to happen. Other than, perhaps MFA? I set the computers up on a trusted network and the logout/login is also on a trusted network.


Not even sure where to start looking to solve this.


23 Replies

Just a few questions. Without some background info, it's hard to troubleshoot the problem. If you could share the answers. Thanks

* When you press "OK", is everything working like you expected?
* Are you seeing any errors in the Azure AD sign-in log?
* Does this problem occur on all devices and what happens when you enroll a new device? You are mentioning ONLY the second login, so I guess you tested it with new devices?
* Are there conditional access rules in place? Like blocking legacy auth etc.?
* Is SSO working on other apps, like Teams? Run dsregcmd /status to check the PRT.
* Are there any weird accounts added in the Windows settings / accounts / Credential Manager?
* What happens if you change one setting at a time to not configured? Like the move KFM?
* Are the devices Azure AD joined or hybrid (maybe some domain GPOs conflicting)?
* Are there any weird errors in AppData\Local\Microsoft\OneDrive\logs?
* Does OneDrive use modern auth? Maybe the first time it uses legacy and the second time modern, or the reverse?

After pressing OK, yes, it logs in without a prompt.
There are no errors or CA failures in the Sign-in Log.
It occurs on all devices regardless of who logs in.
I test it with new and existing devices. Although, I'm new to Azure/Intune so most devices are new.
There are conditional access rules but it happens regardless of CA rules. Most of the time I'm on a trusted network so they do not apply.
All other apps work fine including Teams. They just login.
I'm not sure about weird accounts. I will have to look. I know first login, the user is always set up right because their desktop/documents/pictures files sync.
I will have to do testing with changing one setting at a time. It will affect a lot of people and I have to login with a new account every time to test it out.
Devices are Azure AD Joined, not hybrid.
I have no idea how to read any of the files in that log. Lots of strange stuff.
I don't know if it uses Modern Auth or not. I would like it to so if there is a way to force that, great. This may be the issue. I don't know.

With conditional access you can block legacy auth.

For onedrive
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\EnableADAL dword value: 2

To determine if some policies are the cause... it depends on your assignment. Did you target all devices or all users? When you targeted all users, you could create one group with one user in it and make sure you exclude this group so you can test it out with one user on one test device.

I guess my question is: why would it not use Modern Authentication? Is there a reason it wouldn't use it even if the registry value isn't there?

Normally it would use modern auth, but I have seen it happen a couple of times some time ago...


Hi there... I've got exactly the same issue, OneDrive syncs first time, then after subsequent reboots it throws the "not signed in" error... as soon as you click OK, it shows the "signing in" and works fine afterwards...


Did you have any luck solving this?

@FABKI No, not at all. In fact, I have another Tenant that I recently got setup with Intune and it happens to them too!


It is pretty frustrating.

Which OneDrive version are you pushing? Are you deploying the latest version? Maybe it installs an older version and after a reboot it wants to install a newer version. Maybe test it with the latest x64 version? So you could rule out the OneDrive client itself.

I don't know. These machines are factory issued from Dell. But it also happens when I install an OS from scratch with 20H2 and get it all working.

Where is OneDrive installed? Is it a user-based installation or in the Program Files folder? Did you take a look at the version in the settings/info when the device is installed and when the user reboots the device and logs in again... any difference?

@Rudy_Ooms_MVP hey...

In my case this is just the OneDrive that comes by default with the 20H2 image for Windows 10 Pro x64, though it does install itself in ProgramFiles(x86). I'm also provisioning the devices with Autopilot, AD joined if that makes a difference. OneDrive version: 2021 (build 21.073.0411.0002) - this is after the sync message is given... I'll run the reset again to see if it is different before that.


EDIT: the OneDrive version immediately after provisioning is the same as after a reboot, no change there. In fact, it is not even the reboot that triggers this; just closing OneDrive the first time and reopening it will trigger the "not signed in" popup, but only this one time. Further close/reopen of OneDrive (or reboots) no longer triggers the popup.


There are also no duplicate credentials configured in the credential manager/Windows credentials? Like Adal or SSPI?
Are you using the old school MFA enforcement (is it disabled for the users) or conditional access?


Have you also taken a look at this Microsoft Doc? It's also saying you could try to add the enableadal key


Silently configure user accounts - OneDrive | Microsoft Docs





You could try this one. If it doesn't fix it , it will definitely not break it? :)


Office applications periodically prompt for credentials - Office 365 | Microsoft Docs

I have the same as FABKI. I'm seeing the exact same stuff and it is not being deployed, it is whatever OneDrive that is included with Windows 10.



What happens when you make sure that OneDrive is being installed when the device is becoming Azure AD joined? Create a new intunewin app and make sure it is set as required in the ESP?





@Rudy_Ooms_MVP The device gets joined as part of Autopilot, and OneDrive is already included with the Windows image... so it already gets installed as part of that, and is also "properly" configured as per the Intune CSPs. Not sure how adding it as a required install would help when it is already installing...?


It is all about excluding. I mentioned some things you could try. I am not sure if it helps but if you could exclude all the other stuff, maybe the real issue and solution will remain?




Just wondering but did you manage to solve it?
Another solution you could try is to disable the automatic startup:





reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "OneDrive"


And check what happens when you open onedrive manually? (when this works you could create a scheduled task to start onedrive with a delay)

@Rudy_Ooms_MVP I haven't been able to solve it. But I think someone mentioned, and I tried it, that if on the first login, if I quit OneDrive manually and re-load it manually, the problem happens. But then subsequent logins have no problem just like normal.


So, it really has to do with the first time it loads and the second. I don't know what changes between them.


I will say this. I got a computer in and it had Version 21H1 on it (All my others are 20H2) and that one DOESN'T have the second-load error with OneDrive.  I have not tried upgrading another computer yet to fully test it.


I still get the same issue on clean installs with 21H1 too, maybe you've got over a glitch in the matrix with that one?
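
The per-user checks suggested in the replies above (PRT state from dsregcmd /status, the EnableADAL value, the OneDrive entry under the Run key, and the OneDrive logs folder) can be captured in one read-only pass. This is an added example, not code posted by anyone in the thread; the report field names are made up for illustration, and it assumes it is run in the affected user's own session.

```powershell
# Added diagnostic sketch (not from the thread). Read-only: changes nothing.
# Run in the affected user's session, since everything below is per-user state.
$report = [ordered]@{ Collected = (Get-Date).ToString('s') }

# 1. Join state and Primary Refresh Token, parsed from `dsregcmd /status`.
$dsreg = dsregcmd /status
foreach ($field in 'AzureAdJoined', 'DomainJoined', 'AzureAdPrt') {
    $hit = $dsreg | Select-String -Pattern "^\s*$field\s*:\s*(\S+)" | Select-Object -First 1
    $report[$field] = if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'not reported' }
}

# 2. EnableADAL under the per-user OneDrive key (the thread suggests DWORD 2).
$odKey = 'HKCU:\Software\Microsoft\OneDrive'
$adal  = Get-ItemProperty -Path $odKey -Name 'EnableADAL' -ErrorAction SilentlyContinue
$report['EnableADAL'] = if ($adal) { $adal.EnableADAL } else { 'not set' }

# 3. Autostart entry that the `reg delete` suggestion in the thread would remove.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run    = Get-ItemProperty -Path $runKey -Name 'OneDrive' -ErrorAction SilentlyContinue
$report['RunEntry'] = if ($run) { $run.OneDrive } else { 'not present' }

# 4. Most recently written files in the OneDrive logs folder, so the ones
#    touched around the "isn't signed in" dialog can be pulled for review.
$logDir = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive\logs'
$recent = if (Test-Path $logDir) {
    Get-ChildItem -Path $logDir -Recurse -File |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 5
} else { @() }

[pscustomobject]$report | Format-List
$recent | Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize
```

Running it once right after the first sign-in and again while the dialog is showing on the second launch gives two snapshots to compare, which narrows down what changes between the first and second load.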