📖 ~1 min read
Table of contents
Symptom & Impact
System clock drifts, causing TLS failures, log skew, and scheduled job misfires.
Environment & Reproduction
Ubuntu 24.04 servers in restricted networks where outbound UDP 123 is filtered.
Root Cause Analysis
chronyd cannot reach configured sources, so stratum never converges to synchronized state.
Quick Triage
Check chrony tracking and source reachability counters immediately.
chronyc tracking; chronyc sources -vStep-by-Step Diagnosis
Inspect firewall policy and packet path while probing NTP servers from host.
sudo ufw status numbered; sudo tcpdump -ni any udp port 123 -c 20
Solution – Primary Fix
Allow UDP 123 to approved NTP servers and restart chrony service.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
sudo ufw allow out 123/udp && sudo systemctl restart chrony
Solution – Alternative Approaches
Use internal enterprise NTP relay and restrict direct internet time egress.
Verification & Acceptance Criteria
chronyc tracking reports synchronized and offset remains within operational tolerance.
Rollback Plan
Remove temporary firewall changes and rebind to internal time source if required.
Prevention & Hardening
Monitor time offset and enforce consistent NTP policy across server fleets.
Related Errors & Cross-Refs
Related to certificate validity errors and Kerberos auth failures from clock skew.
Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.
View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
chrony documentation and Ubuntu time synchronization best practices.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
