Using classic Outlook for Windows in business environments
Good day,
Thank you for raising this issue.
The error message “657rx - Code: 2148073520 / The credential is invalid. Unexpected sub status (6008)” typically occurs when Windows cannot properly validate your device’s security state or user identity. This can happen after changes such as updates to device security settings, TPM changes, or modifications to your work or school account.
In many cases, the issue is caused by corrupted credentials, expired sign-in tokens, or a mismatch between your device and your organization’s identity platform (Microsoft 365 / Azure AD). When this trust relationship cannot be verified, Outlook access may be blocked.
Since this is an authentication-related issue, the resolution usually involves resetting credentials and re-establishing the device relationship with your account.
You can try the following steps to clear your credentials cache to ensure a clean reset
- Please sign out your accounts from Office applications, then close all Office applications.
- Open File Explorer, paste the following path, and delete all files and folders. %localappdata%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
- In the Windows search bar, search for "Access Work or School".
- Check if you can see your school account in "Access Work or School".
If you don't see it, please select Connect and add your business account.
If you can see it, please select it and select Disconnect. After that, please click "Connect" and log into your account again to register the device.
- Open the Control Panel on your PC.
Go to User Accounts > Credential Manager.
- Under both Windows Credentials and Generic Credentials, look for any entries related to your Microsoft 365 business account and Office apps.
Select and remove those entries.
Restart your computer and try adding your account in Office again.
Download OLicenseCleanup.vbs and run it. In this way, you can use this package to remove the license, clear the stored identities in the registry, and remove the credentials. You can follow this: Reset activation state for Microsoft 365 Apps for enterprise - Microsoft 365 Apps | Microsoft Learn to reset activation state
Restart your device.
Reopen Office apps and sign in with the correct account.
Additionally, this error is commonly associated with device registration issues in Azure Active Directory (Azure AD) or Microsoft 365. It can occur if a device is incorrectly registered, duplicated, or restricted due to recent policy changes made by your organization’s IT administrators. These inconsistencies may prevent successful authentication and trigger the error.
If the issue continues after clearing your credentials cache, please reach out to your IT administrator and ask them to remove the affected device from your Azure AD or Microsoft 365 account. Re-registering the device creates a fresh directory entry, which often resolves trust or identity mismatches.
I hope this information is helpful. Please try these steps and let me know how it goes. If you have any further questions or need assistance, please don’t hesitate to reach out.
Thank you for your patience and understanding.
I look forward to your thoughts on this.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.