🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: SUSE Linux Enterprise Server 15

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

System clocks diverge from upstream by more than 100 ms, breaking Kerberos and TLS.

Environment & Reproduction

Seen on virtualised SLES 15 guests with paravirtual clocks and noisy hypervisor neighbours.

Root Cause Analysis

Wrong clocksource or misconfigured `makestep` and `iburst` keep chronyd from disciplining fast.

Quick Triage

Use `chronyc tracking` and `chronyc sources` to inspect current offset and reach.

Step-by-Step Diagnosis

Check `/proc/sys/kernel/clocksource` and `/etc/chrony.conf` for `iburst` and step thresholds.

Illustrative mockup for sles-15 — ntp_chronyd-time-drift_terminal
Terminal diagnostics for Chronyd time drifts beyond acceptable threshold — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Set `makestep 1.0 3` and add `iburst` to all servers in `chrony.conf`, then restart chronyd.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for sles-15 — ntp_chronyd-time-drift_logs
Logs and evidence for Chronyd time drifts beyond acceptable threshold — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Switch to kvm-clock as preferred clocksource if guest hardware exposes it.

Verification & Acceptance Criteria

`chronyc tracking` reports offset below 50 ms and `System time` is healthy in logs.

Rollback Plan

Revert `makestep` to defaults if a misconfiguration causes time jumps mid-workload.

Prevention & Hardening

Pin time servers via DHCP option 42 or static config and alert on offset.

Pairs with Kerberos `clock skew too great` and `cert not yet valid` TLS errors.

Related tutorial: View the step-by-step tutorial for sles-15.

View all sles-15 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

SUSE chrony configuration and clocksource tuning documentation.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.