📖 ~1 min read
Table of contents
Symptom & Impact
System clock drift grows because chronyd is not synchronizing on RHEL 9.
Environment & Reproduction
chronyc reports unsynchronized status, TLS services fail, and Kerberos tokens become invalid.
Root Cause Analysis
NTP sources are unreachable, blocked by firewalld, misconfigured in chrony.conf, or chronyd is inactive.
Quick Triage
Run ‘timedatectl’ and ‘chronyc tracking’ to confirm if the clock is synchronized.
Step-by-Step Diagnosis
Use ‘chronyc sources -v’ to identify unreachable servers and high offset peers.
Solution – Primary Fix
Execute ‘sudo systemctl restart chronyd’ then ‘chronyc tracking’ to verify recovery.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Allow NTP when needed with firewalld and ensure upstream UDP/123 connectivity in network controls.
Verification & Acceptance Criteria
Validate source hostnames resolve correctly and outbound routes reach designated time servers.
Rollback Plan
SELinux rarely blocks chronyd defaults, but inspect AVC logs if custom paths or services were introduced.
Prevention & Hardening
Use ‘sudo journalctl -u chronyd –no-pager -n 100’ for source selection and step/slew errors.
Related Errors & Cross-Refs
For large drift, use ‘sudo chronyc makestep’ in approved maintenance windows before sensitive workloads resume.
Related tutorial: View the step-by-step tutorial for rhel-9.
View all rhel-9 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Configure multiple trusted NTP sources and monitor tracking offset to catch drift early.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
