How to Fix “System clock synchronized: no” in Linux with Chrony and NTP


5 views

When running timedatectl, you might notice the status System clock synchronized: no despite having NTP services like chronyd running correctly. This can be confusing, especially when the system time appears accurate and no errors are logged.

The chronyc sources output reveals all sources marked with ^?, indicating they're unreachable or not providing valid time data. This happens because:

  • Network connectivity issues block NTP servers
  • Firewall rules prevent NTP traffic (UDP port 123)
  • Server pool configuration might be incorrect

First, verify basic connectivity to NTP servers:

ping time.cloudflare.com
nc -zv time.cloudflare.com 123

Check firewall status:

sudo firewall-cmd --list-all | grep ntp
sudo iptables -L -n | grep 123

Edit /etc/chrony.conf and ensure proper server configuration:

# Example working configuration
pool 0.rhel.pool.ntp.org iburst
pool 1.rhel.pool.ntp.org iburst
pool 2.rhel.pool.ntp.org iburst
pool 3.rhel.pool.ntp.org iburst

# Enable kernel sync
makestep 1.0 3

# Allow system clock to catch up if behind
rtcsync

After configuration changes:

sudo systemctl restart chronyd
chronyc tracking
chronyc sources -v

Wait 10-15 minutes for synchronization to complete, then check:

timedatectl

If Chrony continues having issues, consider:

  1. Switching to ntpd: 
    sudo dnf install ntp
sudo systemctl enable --now ntpd
  2. Using systemd-timesyncd: 
    sudo timedatectl set-ntp true

For deeper investigation:

journalctl -u chronyd -f
chronyc sourcestats
chronyc serverstats

Check kernel time sync status:

cat /sys/devices/system/clocksource/clocksource0/current_clocksource

When running timedatectl, you might see the frustrating status "System clock synchronized: no" even though:

  • chrony service is active
  • NTP servers appear configured
  • System time appears correct

The key indicators from chronyc sources output show all sources marked with ^? which means:

210 Number of sources = 8
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? excalibur.prolixium.com       0   9     0     -     +0ns[   +0ns] +/-    0ns
[...]

This suggests the NTP servers aren't actually reachable. The Reach 0 value confirms no successful sync attempts.

Here's how to properly configure chrony and verify synchronization:

1. Verify Network Connectivity

First ensure your server can reach NTP servers:

ping time.cloudflare.com
traceroute time.cloudflare.com

2. Update chrony Configuration

Edit /etc/chrony.conf with reliable NTP servers:

# Use Cloudflare's NTP
server time.cloudflare.com iburst
# Fallback to pool servers
pool pool.ntp.org iburst

# Enable kernel sync
makestep 1.0 3

# Record drift rate
driftfile /var/lib/chrony/drift

# Enable logging
logdir /var/log/chrony

3. Restart and Verify Service

Apply changes and check status:

systemctl restart chronyd
chronyc tracking
chronyc sources -v

4. Force Immediate Sync

Manually trigger synchronization:

chronyc makestep
chronyc waitsync 30
  • Check firewall rules: firewall-cmd --list-all | grep ntp
  • Verify DNS resolution for NTP servers
  • Test with alternative NTP servers like Google's (time.google.com)

After successful configuration, timedatectl should show:

System clock synchronized: yes
NTP service: active

And chronyc tracking should display valid synchronization details including reference ID and last sync time.