Fix Guides

How to Fix Salesforce Sandbox Sync & Refresh Issues

Step-by-step fix guide with AI-powered diagnosis from BuildForce.

Sandbox sync issues stem from Salesforce refresh stripping connected app secrets, named credentials losing OAuth tokens, schema drift between production and sandbox after manual changes, and integration users not existing in the refreshed sandbox. The fix is to maintain a post-refresh checklist that reauthorizes named credentials, re-runs your integration-user provisioning scripts, validates schema parity via metadata diff, and runs an integration health check before UAT starts. BuildForce tracks sandbox-to-prod schema drift continuously and runs post-refresh validation on demand.

Symptoms

  • Integrations work in prod but 401/403 in sandbox after refresh
  • Named credentials show "needs authentication" status
  • Integration user IDs from prod don't exist in the refreshed sandbox
  • Custom metadata or custom settings hold prod-only values that break sandbox flows
  • Schema in sandbox diverges from prod silently after parallel admin changes

Fix Steps

  1. 1. Re-authorize every Named Credential in Setup > Named Credentials. Test each with the "Test Connection" button.
  2. 2. Re-run integration user provisioning (SFDX script or admin runbook). Confirm permission sets and profile assignments.
  3. 3. Update environment-specific custom metadata values (API endpoints, webhook URLs, environment names).
  4. 4. Run a metadata diff against prod: sf project diff or use Gearset/Salto. Resolve any drift before UAT.
  5. 5. Trigger an integration health check (BuildForce or your monitoring tool) against the refreshed sandbox.
  6. 6. Run a smoke test on critical integration flows (lead conversion, opportunity sync, ticket creation).

Post-Refresh Checklist (Save This)

  • Named credentials reauthorized
  • Integration users provisioned with correct permission sets
  • Custom metadata environment values updated
  • Email deliverability toggled (Setup > Email > Deliverability) to System Email Only to avoid spamming customers
  • Connected apps re-enabled and OAuth scopes confirmed
  • Schema diff resolved or annotated
  • Integration health check passed

FAQ

Why do my integrations break after a sandbox refresh?

Refresh wipes named credential secrets, invalidates OAuth tokens, and resets connected app session policies. Custom settings and custom metadata that hold environment-specific values may or may not copy depending on type. Integration users from production may not exist in the refreshed sandbox until you re-run your user-provisioning scripts.

What's the difference between Partial Copy, Full Copy, and Developer sandboxes?

Developer sandboxes copy metadata only — no data. Developer Pro is the same but larger. Partial Copy includes a configurable subset of data via a sandbox template (up to 10K records per object). Full Copy mirrors production data. Refresh behavior is the same across all — secrets are stripped.

How do I detect schema drift between prod and sandbox?

Run a metadata diff using SFDX (sfdx force:source:diff or the newer sf project diff), or use a tool like Gearset, Salto, or Copado that does metadata comparison. BuildForce tracks schema drift between connected orgs continuously and surfaces deltas in object, field, and validation rule definitions.

Should I refresh sandboxes on a schedule?

Yes — but with discipline. Set a refresh calendar (e.g., monthly for Full Copy, weekly for Partial Copy) and run an automated post-refresh checklist: re-authorize named credentials, re-run integration user provisioning, reseed test data, and validate critical integrations end-to-end.

Can BuildForce automate post-refresh validation?

Yes. Hook BuildForce's API into your refresh workflow and it'll run a full integration health check immediately after refresh — surfacing broken named credentials, missing users, and schema deltas before your team starts UAT.

Get AI-Powered DiagnosisSee Pricing