π ~1 min read
Table of contents
Symptom & Impact
System clock drifts because chrony cannot communicate with configured time servers.
Environment & Reproduction
Occurs in segmented networks where outbound UDP 123 is blocked by policy changes.
Root Cause Analysis
Time synchronization traffic is filtered, leaving chrony in unsynchronized state indefinitely.
Quick Triage
Check chronyc tracking output and test UDP reachability to upstream peers.
Step-by-Step Diagnosis
Review chrony sources, packet captures, and firewall rules affecting NTP transport paths.
Solution – Primary Fix
Permit required NTP traffic, reload firewall policy, and force chrony source refresh.
Still having issues? Our Server Management team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Use internal relay time servers to minimize cross-zone firewall dependencies.
Verification & Acceptance Criteria
Chrony reports synchronized status and stable low offset across observation period.
Rollback Plan
Reinstate previous firewall baseline if broader rules create security concerns.
Prevention & Hardening
Include NTP flows in baseline firewall tests and monitor sync drift alarms.
Related Errors & Cross-Refs
Linked with TLS handshake failures and token validation errors due to clock skew.
Related tutorial: View the step-by-step tutorial for Ubuntu 16.04 LTS.
View all Ubuntu 16.04 LTS tutorials on the Tutorials Hub β
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Refer to chrony documentation and secure enterprise time distribution practices.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β we respond within one business day.
