π ~1 min read
Table of contents
Symptom & Impact
Time drift breaks Kerberos, TLS validation, and scheduled workloads.
Environment & Reproduction
Servers behind restricted egress or misconfigured NTP sources.
timedatectl
chronyc trackingRoot Cause Analysis
chronyd cannot reach valid upstream sources or source selection is unstable.
Quick Triage
Check service state and source reachability.
systemctl status chronyd
chronyc sources -vStep-by-Step Diagnosis
Review chronyd logs and firewall egress for UDP/123.
journalctl -u chronyd -n 200 --no-pager
firewall-cmd --list-all
Solution – Primary Fix
Configure reachable servers and restart chronyd.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
cp /etc/chrony.conf /etc/chrony.conf.bak.$(date +%F)
vi /etc/chrony.conf
systemctl restart chronyd
chronyc makestep
Solution – Alternative Approaches
Use local enterprise NTP stratum if internet time sources are blocked.
chronyc add server ntp.internal iburstVerification & Acceptance Criteria
System reports synchronized and offset remains within policy threshold.
timedatectl status
chronyc trackingRollback Plan
Restore prior chrony config if new source list introduces instability.
cp /etc/chrony.conf.bak. /etc/chrony.conf
systemctl restart chronydPrevention & Hardening
Monitor offset and stratum in centralized observability platform.
chronyc sourcestats -v
systemctl enable --now chronydRelated Errors & Cross-Refs
Leap status not synchronized, no selectable sources.
Related tutorial: View the step-by-step tutorial for rhel-10.
View all rhel-10 tutorials on the Tutorials Hub β
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
RHEL chrony administration and time sync best practices.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β we respond within one business day.
