Fixing Synchronization Problems Between Outlook and Exchange Server

When Outlook refuses to show new mail that you can see in Outlook on the web, the gap is almost always a sync fracture, not missing data. Fixing it quickly demands a clear map of where the client ends and Exchange begins.

The difference matters because every click you make in the Outlook interface is processed by a local cache that can drift out of step with the authoritative mailbox on the server. Understanding that drift is the first step toward permanent repair instead of daily firefighting.

Diagnose the Exact Sync Breakpoint

Open the Inbox folder, press Ctrl+6 to expose the Sync Issues folder, and sort by Date Modified descending. A sudden cluster of 8004010F or 85030027 errors pinpoints the moment the mailbox forked.

Compare the “Last Modified” time on the server folder with the local modified time shown in Outlook’s Properties dialogue. A gap larger than three minutes signals that the client is not receiving streaming notifications.

Run `Get-SyncRequest -Mailbox alias@domain | Select Name,Status,LastSyncFailure` in Exchange Management Shell. An entry that shows “StalledDueToLock” means the server has throttled the user because another client is holding an open transaction.

Use Fiddler to Capture the EWS Conversation

Install Fiddler, enable HTTPS decryption, and filter traffic to `outlook.office365.com/ews`. Send a manual update folder request from Outlook by pressing Shift+F9. A 200 OK response that still contains empty Changesets proves the server is healthy but the client is ignoring deltas.

Look for repeated 401 Unauthorized frames that immediately follow a successful 200. This pattern indicates that the authentication token is rotating faster than Outlook can renew it, usually because the user’s PrimarySMTPAddress was recently changed in Azure AD.

Interpret the Sync Log Verbosity Switch

Create the DWORD value `SyncLogLevel` under `HKCUSoftwareMicrosoftOffice16.0OutlookOptions` and set it to 3. Restart Outlook and open `%temp%OLKASSyncLog-Current.log`. Lines that contain “Ignoring change ” followed by “Already in queue” reveal a corrupt incremental sync state.

Scroll backward until you see “Watermark reset to ”. The GUID that appears twice in a row is the folder’s new anchor; if the next line shows “Downloaded 0 items”, the old OST fragment is orphaned and must be rebuilt.

Rebuild the Cache Without Losing Quick Steps

Export all Quick Steps to a `.qs` file via File > Manage Quick Steps before touching the OST. This preserves custom templates that are not stored server-side.

Close Outlook, rename the OST to `.old`, and reopen the profile. Exchange will create a new container and pull a full copy of the mailbox. While this downloads, open the old OST as a temporary mailbox via File > Account Settings > Data Files so users can still search last week’s mail.

After sync finishes, import the `.qs` file. The new OST now carries correct watermarks and eliminates ghost folders that were causing “changes available but not applied” errors.

Targeted Folder Reset for Large Mailboxes

Full OST rebuilds can exceed 50 GB and choke on metered links. Instead, right-click the stuck folder, choose Properties > Clear Offline Items, then Shift+F9. This forces a one-time full folder sync without touching the rest of the cache.

If the folder exceeds 20 k items, add the registry key `MaxNumberOfMessagesToSync` under `HKCUSoftwareMicrosoftOffice16.0OutlookCached Mode` and set it to 10000. Outlook will paginate the download into bite-sized batches and avoid the 30-second EWS timeout that truncates large sets.

Fix Authentication Token Loops

Modern authentication can enter a silent renewal loop when the user’s UPN changes but the cached token still contains the old value. Open Credential Manager, delete all entries that start with `MicrosoftOffice16`, and restart Outlook.

Immediately open Windows PowerShell and run `Add-Type -AssemblyName System.IdentityModel; [System.IdentityModel.Tokens.JwtSecurityToken]::new((Get-ADUser $env:USERNAME).UserPrincipalName)`. If the issued token shows the old UPN, force an Azure AD Connect delta sync to update the immutable ID mapping.

Registry Key to Force ADAL Prompt

Create the DWORD `EnableADAL` under `HKCUSoftwareMicrosoftOffice16.0CommonIdentity` and set it to 1. Add a second DWORD `DisableAADWAM` set to 1. This pair blocks Windows Account Manager silent SSO and surfaces the modern auth dialog, letting the user re-consent with the new UPN.

Resolve Network Layer Blocks

Corporate proxies often strip the `Authorization` header from long-running EWS connections. Run `netsh winhttp show proxy` to see the system-wide setting. If it points to an on-premise PAC file, add `outlook.office365.com` to the proxy bypass list via GPO.

Next, test MAPI-over-HTTP connectivity with `Test-OutlookConnectivity -RunFromClientId $true -ProbeIdentity OutlookMapiHttpSelfTest`. A red result on `Negotiate` authentication indicates Kerberos clock skew; run `w32tm /resync` on the client to within five minutes of the domain controller.

Adjust TCP Keep-Alive for VPN Users

VPN tunnels love to drop idle sockets after 30 seconds. Set the registry DWORD `KeepAliveTime` under `HKLMSYSTEMCurrentControlSetServicesTcpipParameters` to 60000 decimal. Outlook will now ping the server every minute, preventing the NAT table from evicting the connection mid-sync.

Throttle Server-Side Quotas

Exchange Online applies a 60 MB-per-minute upload throttle per user. Users who drag a 500 MB PST into the cloud will hit the wall and see “Trying to connect” for hours. Open Exchange Admin Center > Recipients > Mailboxes > Mailbox Features > Storage Quotas and raise the Warning quota temporarily to 150 % of current usage.

Next, run `Set-Mailbox alias@domain -ThrottlingPolicy BypassBigUpload` where the policy has `EwsMaxUpload` set to 150 MB. The sync will now complete in three bursts instead of 30, and Outlook will switch back to incremental mode automatically.

Identify Stuck Move Requests

A mailbox that is still being migrated from on-premise to online can appear split. Run `Get-MoveRequest -Identity alias@domain | Get-MoveRequestStatistics`. If the Status is `StalledDueToCI`, the content index is corrupt on the target database.

Run `New-MailboxRepairRequest -Mailbox alias@domain -CorruptionType SearchFolder,AggregateCounts,FolderView` and wait for the 100 % event ID 10059 in Application log. Only after this repair completes will the client reconcile the last 5 % of missing messages.

Handle Delegation and Shared Folder Glitches

Delegates who open a manager’s calendar sometimes see stale frees/busy data for just one day. This occurs when the delegate’s client caches a partial calendar folder that lacks the newer 64-bit folder ID introduced by auto-expanding archiving.

Remove the manager from the delegate’s profile via File > Account Settings > Delegate Access, then re-add with “Download shared folders” unchecked. Outlook will now fetch the calendar fresh and pick up the correct ID range.

Force SCN Refresh for Public Folders

Public folder favorites can refuse to update because the hierarchical cache stores an old System Change Number. Close Outlook, delete the file `pubfoldersync.db` from `%localappdata%MicrosoftOutlook`, and restart. The client will perform a one-time full hierarchy crawl and align the SCN with the store.

Patch and Update Strategically

Microsoft quietly fixes sync regressions in monthly forks. Compare your build number under File > Office Account to the current Semi-Annual Enterprise Channel release listed in the “Outlook update history” KB. If you are two builds behind, the fix for the “ghost meeting” sync bug is already shipped but not yet installed.

Use `OfficeC2RClient.exe /update user updatetoversion=16.0.17029.20028` to jump straight to the build that resolved your exact symptom without waiting for the rolling broad deployment.

Block Bad Updates When Necessary

If a new update introduces a regression, create the DWORD `UpdateBranch` under `HKLMSoftwarePoliciesMicrosoftoffice16.0commonofficeupdate` and set it to 4. This locks the client to the Deferred Channel for 90 days, giving IT time to validate the next patch.

Monitor Proactively with Built-In Tools

Create a custom rule in Outlook’s Advanced Alert window: trigger when message count in Sync Issues exceeds 5 in 24 hours. Route the alert to a Teams channel so help-desk can intervene before the user notices missing mail.

Pair the alert with a weekly PowerShell report that exports `Get-SyncRequest -ResultSize unlimited | Where-Object {$_.Status -ne ‘Completed’}` to CSV. Trending user names that appear three weeks in a row usually have a roaming laptop that never sleeps long enough to finish incremental sync.

Deploy the Outlook Sync Diagnostics Tool

Deploy the free SaRA Enterprise package via SCCM. Configure the silent switch `-AcceptEula -Mode Sss -Scenario OutlookSyncIssue`. The tool uploads anonymized telemetry to Microsoft, and you receive a back-end dashboard that flags mailboxes whose sync latency exceeds 95th percentile for your tenant.