How to Fix Incorrect System Time on Ubuntu EC2 Instances Using NTP Synchronization


3 views

When running Ubuntu on AWS EC2 instances, particularly in the EU/Ireland region, you might notice significant time discrepancies despite the timezone being correctly set to UTC. The symptom typically appears as:

ubuntu@AWS-EC2 ~ $ date -R
Wed, 05 Jun 2013 07:38:58 +0000  # Actual time should be 07:48 UTC

The standard ntpdate command often fails on EC2 instances because:

ubuntu@AWS-EC2 ~ $ ntpdate
5 Jun 07:42:10 ntpdate[3583]: no servers can be used, exiting

This occurs because AWS instances typically don't have the full NTP client configuration pre-installed.

Here's the complete solution to maintain accurate time synchronization:

# Install the full NTP package
sudo apt-get update
sudo apt-get install ntp -y

# Check the default NTP servers
grep ^server /etc/ntp.conf

# For AWS-specific configuration (recommended):
sudo sed -i 's/^server/#server/g' /etc/ntp.conf
echo "server 169.254.169.123 prefer iburst" | sudo tee -a /etc/ntp.conf

# Restart the NTP service
sudo service ntp restart

After configuration, verify your time sync status:

# Check NTP peers
ntpq -p

# Check sync status
timedatectl status

# Force immediate sync (if needed)
sudo ntpdate -u 169.254.169.123

Modern Ubuntu versions use systemd-timesyncd. Ensure it's properly configured:

# Check current configuration
timedatectl show

# Configure to use AWS's internal time source
sudo tee /etc/systemd/timesyncd.conf <

If time sync still fails:

# Check firewall rules
sudo iptables -L

# Verify NTP port access
nc -zv 169.254.169.123 123

# Check service logs
journalctl -u ntp -u systemd-timesyncd --no-pager -n 50

The AWS internal NTP server (169.254.169.123) should always be accessible from any EC2 instance without additional firewall configuration.

Running web servers on AWS EC2 instances requires precise time synchronization. When I deployed three Ubuntu servers in eu-west-1 (Ireland) region, I noticed significant time discrepancies:

# On properly synchronized instance (EC2-3)
ubuntu@AWS-EC2-3 ~ $ date -R
Wed, 05 Jun 2013 07:47:29 +0000

# On problematic instances (EC2-1 and EC2-2)
ubuntu@AWS-EC2-1 ~ $ date -R
Wed, 05 Jun 2013 07:38:58 +0000  # ~10 minutes behind

Time synchronization is crucial for:

  • HTTPS certificate validation
  • Database replication
  • Log correlation
  • Session management

The default ntpdate command failed with:

ubuntu@AWS-EC2-1 ~ $ ntpdate
5 Jun 07:42:10 ntpdate[3583]: no servers can be used, exiting

Inspection of /etc/default/ntpdate revealed the configuration expects to use servers from ntp.conf:

# /etc/default/ntpdate contents
NTPDATE_USE_NTP_CONF=yes
NTPSERVERS="ntp.ubuntu.com"

The solution was to use the Debian-specific implementation:

sudo ntpdate-debian
# Output shows successful sync:
5 Jun 07:51:58 ntpdate[3619]: step time server 91.189.94.4 offset 561.511643 sec

For AWS environments, Chrony works better than traditional NTP:

# Install chrony
sudo apt-get install chrony

# Configure for AWS (edit /etc/chrony/chrony.conf)
server 169.254.169.123 prefer iburst
pool 0.ubuntu.pool.ntp.org iburst

# Restart service
sudo systemctl restart chrony

# Verify sync status
chronyc tracking

For older Ubuntu versions, set up a cron job:

# Create daily sync job
sudo crontab -e
# Add this line:
@daily /usr/sbin/ntpdate-debian > /var/log/ntpdate.log 2>&1

If time sync still fails:

  1. Check AWS instance metadata service: 
    curl http://169.254.169.254/latest/meta-data/
  2. Verify network time protocol isn't blocked: 
    sudo ufw allow out 123/udp
  3. Test with alternative NTP servers: 
    sudo ntpdate -u pool.ntp.org