🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: RHEL 10.0 RHEL 10.1

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

System time drifts, causing auth failures, log skew, and distributed job instability.

Environment & Reproduction

Seen when NTP traffic is blocked by zone rules or confined SELinux policy.

chronyc tracking
chronyc sources -v

Root Cause Analysis

UDP/123 blocked or chronyd policy constraints prevent network synchronization.

Quick Triage

Check chronyd service, UDP port policy, and SELinux mode.

systemctl status chronyd
firewall-cmd --list-services
getenforce
journalctl -u chronyd -n 60 --no-pager
dnf list installed chrony

Step-by-Step Diagnosis

Validate peer reachability and policy denials around NTP operations.

chronyc sources -v
chronyc activity
ausearch -m avc -ts recent | grep -i chronyd
ss -lunp | grep :123
Illustrative mockup for rhel-10 — chronyd_unsynced_state
Chrony unsynchronized time status — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Permit NTP service in firewalld, ensure chronyd starts on boot, and adjust SELinux booleans if needed.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo firewall-cmd --permanent --add-service=ntp
sudo firewall-cmd --reload
sudo systemctl enable --now chronyd
sudo setsebool -P nis_enabled 1 || true
Illustrative mockup for rhel-10 — chronyd_sync_restored
NTP traffic allowed and time synchronized — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Use local stratum servers and explicit allow rules for isolated environments.

sudo sed -i 's/^pool /#pool /' /etc/chrony.conf
echo 'server ntp.internal iburst' | sudo tee -a /etc/chrony.conf
sudo systemctl restart chronyd

Verification & Acceptance Criteria

Chrony reports synchronized state with stable offset and reachable sources.

chronyc tracking
chronyc sourcestats -v
journalctl -u chronyd -n 30 --no-pager

Rollback Plan

Revert chrony config and remove temporary firewall/SELinux changes.

sudo cp /root/backup/chrony.conf /etc/chrony.conf
sudo firewall-cmd --permanent --remove-service=ntp
sudo firewall-cmd --reload

Prevention & Hardening

Monitor clock drift and enforce baseline time policy in provisioning.

Related to Kerberos pre-auth failures and TLS handshake validity errors.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

chrony documentation and RHEL network time synchronization guidance.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.