Microsoft OneDrive: There was a problem - 0x8004de46


Problem

We ran into the "Please try again in a few minutes. (Error code: 0x8004de46)" error recently when testing the OneDrive client connecting to multi-geo regions. The client was looking to connect to non-default URLs since the user's "Preferred Data Location" (PDL) was not our default region. See the error below from the OneDrive sync client. Microsoft has a KB on this, but for us it was network related, as you'll see below.




Microsoft OneDrive - There was a problem signing you in.  Please try again in a few minutes. (Error Code: 0x8004de46)

For us, we have all our Office 365 clients using modern authentication (i.e. those ADAL regkeys) already set up and were sending network traffic directly to the internet (not via proxy) per Microsoft recommendations. But guess what, we weren't doing that for the newer multi-geo URLs, which are xxx-my.sharepoint.com, and found out that the network traffic was going through our proxy.

Troubleshooting

To confirm this, I did a Fiddler trace of a working OneDrive client and a non-working client. In short, you can see the client attempt to create an HTTPS connection, which results in a 401 error. As you can see, the proxy was decrypting the traffic, resulting in the OneDrive client error.

Client Not Connecting

Example of the client not connecting: the client sees a 401, resulting in the error.


The "Issuer" is not Microsoft (Sorry I had to block it out but trust me!)



Client Connecting

Example of a client connecting properly.


And notice the "Issuer" associated with the tunnel is Microsoft.
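The same issuer comparison can be made without Fiddler. The script below is an added example, not part of the original post: it fetches the certificate issuer seen for a known-good host and for each multi-geo host, and flags any host whose issuer organization differs from the baseline. It assumes Windows PowerShell 5.1; the host names and the `Get-TlsIssuer` helper are hypothetical.

```powershell
# Added example. Assumes Windows PowerShell 5.1 (.NET Framework), where
# HttpWebRequest follows the system proxy settings and exposes the server cert.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Get-TlsIssuer {
    param([Parameter(Mandatory)][string]$HostName)

    $req = [System.Net.HttpWebRequest]::Create("https://$HostName/")
    $req.Method = 'HEAD'
    $req.Timeout = 10000
    $req.AllowAutoRedirect = $false
    try {
        $req.GetResponse().Dispose()
    } catch {
        # A 401/403 is expected without credentials; the TLS handshake has
        # already completed by then, which is all this check needs.
    }
    $cert = $req.ServicePoint.Certificate
    if (-not $cert) { return $null }    # no TLS session: blocked, DNS failure, timeout

    # Pull the O= component out of the issuer DN so that two different
    # issuing CAs of the same organization still compare as equal.
    $issuer = $cert.Issuer
    $org = if ($issuer -match 'O=("[^"]+"|[^,]+)') { $Matches[1].Trim('"') } else { $null }
    [pscustomobject]@{ Host = $HostName; Issuer = $issuer; IssuerOrg = $org }
}

# Hypothetical host names: substitute your default-region and multi-geo hosts.
$baselineHost = 'contoso-my.sharepoint.com'
$geoHosts     = @('contosoeur-my.sharepoint.com')

$baseline = Get-TlsIssuer -HostName $baselineHost
foreach ($h in $geoHosts) {
    $r = Get-TlsIssuer -HostName $h
    [pscustomobject]@{
        Host              = $h
        Issuer            = if ($r) { $r.Issuer } else { '<no certificate>' }
        # False means the issuer differs from the known-good path, which is
        # what a decrypting proxy re-signing the connection looks like.
        SameOrgAsBaseline = [bool]($r -and $baseline -and $r.IssuerOrg -eq $baseline.IssuerOrg)
    }
}
```

Run it as the affected user on the affected machine so the same proxy settings apply as for the OneDrive client.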



A side note on this: I did see references to the errors below in the Fiddler trace and saw some other solutions out there, but since this was already working for our default region I was a little skeptical that they would fix it for us.
  • MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
  • Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.

Solution

Long-term you will want to allow this traffic to route directly to the internet, but in this case, to get it working, we disabled decryption on all the "my.sharepoint.com" URLs and we were back in business. The moral of the story is to follow best practices for Office 365 and bypass the proxy when you can.