EN FR
Check-NTP / Daemon Troubleshooting

⚙️ NTP Daemon Issues

Troubleshoot ntpd, chronyd, and systemd-timesyncd problems

Quick Navigation

Identify Your NTP Daemon

First, determine which NTP daemon your system uses:

# Check which NTP service is active root@server:~# systemctl list-units --type=service | grep -E "ntp|chrony|time" chronyd.service loaded active running NTP client/server systemd-timesyncd.service loaded active running Network Time Synchronization
DaemonConfig FileQuery Command
ntpd (classic) /etc/ntp.conf ntpq -p
chronyd /etc/chrony/chrony.conf or /etc/chrony.conf chronyc sources
systemd-timesyncd /etc/systemd/timesyncd.conf timedatectl timesync-status
W32Time (Windows) Registry / GPO w32tm /query /status

Daemon Not Starting

Symptom: Service fails to start or immediately stops

The NTP service won't start, or starts and immediately crashes.

Check Service Status

root@server:~# systemctl status chronyd ● chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled) Active: failed (Result: exit-code) since... # Check detailed logs root@server:~# journalctl -xeu chronyd --no-pager | tail -50

Common Causes & Solutions

Cause 1: Configuration Syntax Error

# Test config file syntax (chronyd) root@server:~# chronyd -p # Test config file syntax (ntpd) root@server:~# ntpd -n -d -c /etc/ntp.conf

Cause 2: Port 123 Already in Use

# Check what's using port 123 root@server:~# ss -ulnp | grep 123 UNCONN 0 0 *:123 *:* users:(("ntpd",pid=1234,fd=16)) # Kill conflicting process root@server:~# systemctl stop ntpd root@server:~# systemctl start chronyd

Cause 3: Permission Issues

# Check drift file permissions root@server:~# ls -la /var/lib/chrony/drift root@server:~# chown chrony:chrony /var/lib/chrony/drift # For ntpd root@server:~# chown ntp:ntp /var/lib/ntp/drift

Cause 4: Multiple NTP Services Conflicting

# Disable conflicting services root@server:~# systemctl disable --now systemd-timesyncd root@server:~# systemctl disable --now ntpd # Enable only one root@server:~# systemctl enable --now chronyd

Stratum 16 / No Sync Source

Symptom: System shows stratum 16 or "unsynchronised"

Stratum 16 means the NTP daemon has no valid time source. This is the "invalid/unknown" stratum level.

# ntpq showing stratum 16 root@server:~# ntpq -c rv ...stratum=16, precision=-23... # chronyc showing not synchronized root@server:~# chronyc tracking Reference ID : 00000000 () Stratum : 0 ... Leap status : Not synchronised

Solutions

Check NTP Server Configuration

# Verify servers are configured root@server:~# grep -E "^server|^pool" /etc/chrony/chrony.conf pool 2.debian.pool.ntp.org iburst server ntp.rdem-systems.com iburst prefer

Test Server Connectivity

# Can we reach NTP servers? root@server:~# chronyc sources -v MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^? ntp.rdem-systems.com 0 6 0 - +0ns[ +0ns] +/- 0ns # Reach = 0 means no successful queries

Check Firewall

# Test UDP 123 connectivity root@server:~# nc -vzu ntp.rdem-systems.com 123 # If blocked, see firewall guide

See Firewall Configuration Guide →

Force Initial Sync

# For chronyd - force step sync root@server:~# chronyc makestep # For ntpd - manual initial sync root@server:~# systemctl stop ntpd root@server:~# ntpdate -b pool.ntp.org root@server:~# systemctl start ntpd

Stuck in .INIT State

Symptom: NTP shows .INIT for all servers

The refid column shows ".INIT." indicating the daemon hasn't completed initial synchronization.

root@server:~# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 0.pool.ntp.org .INIT. 16 p - 64 0 0.000 0.000 0.000

Common Causes

Solution: Check DNS Resolution

# Test DNS for NTP pool root@server:~# host pool.ntp.org pool.ntp.org has address 162.159.200.1 pool.ntp.org has address 162.159.200.123 # If DNS fails, use IP addresses in config root@server:~# echo "server 195.154.XXX.XXX iburst" >> /etc/ntp.conf

Solution: Fix Large Time Offset

# Check current offset root@server:~# ntpdate -q pool.ntp.org server 162.159.200.1, stratum 3, offset -3600.123456... # If offset > 1000s, manually set time first root@server:~# systemctl stop ntpd root@server:~# ntpdate -b pool.ntp.org root@server:~# systemctl start ntpd

Wait Time

Initial synchronization can take 5-15 minutes depending on network conditions and polling intervals. Check the "reach" value - it should increase from 0 to 377 over time as queries succeed.

False Ticker Detection

Symptom: Server marked with 'x' (falseticker)

NTP has determined this server's time differs significantly from the majority of sources.

root@server:~# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== xntp1.example.com .GPS. 1 u 45 64 377 12.543 -250.284 1.023 *ntp2.example.com .PPS. 1 u 42 64 377 28.123 0.842 2.156

Understanding False Tickers

NTP uses a voting algorithm. If one server disagrees with the majority by more than a threshold, it's marked as a "false ticker" (x) and excluded from time calculations.

Solution 1: Add More Servers

With only 2 servers, NTP can't determine which is correct. Use at least 4 servers:

# /etc/ntp.conf or /etc/chrony/chrony.conf server ntp.rdem-systems.com iburst prefer pool 0.pool.ntp.org iburst maxsources 2 pool 1.pool.ntp.org iburst maxsources 2

Solution 2: Verify Server Accuracy

# Query each server individually root@server:~# ntpdate -q ntp1.example.com root@server:~# ntpdate -q ntp2.example.com # Remove servers with consistently bad offsets

Solution 3: Check GPS/PPS Source

If a GPS receiver is marked false ticker, check:

  • GPS antenna signal strength
  • Number of satellites locked (need 4+)
  • PPS signal cable and configuration

Reach Value is 0

Symptom: Reach column shows 0 for all servers

No successful NTP queries have been received. The daemon cannot communicate with any server.

root@server:~# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== pool.ntp.org .POOL. 16 p - 64 0 0.000 0.000 0.000

Understanding Reach

Reach is an 8-bit octal register showing the last 8 query results. 377 (octal) = 11111111 (binary) = all 8 queries succeeded. 0 = no successful queries.

Diagnostic Steps

# 1. Check daemon is sending queries root@server:~# tcpdump -i any port 123 -c 10 # 2. Check firewall isn't blocking root@server:~# iptables -L -n | grep 123 # 3. Test manual NTP query root@server:~# ntpdate -d pool.ntp.org 2>&1 | head -30 # 4. Check for routing issues root@server:~# traceroute -U -p 123 pool.ntp.org

Common Fixes

  1. Open firewall: ufw allow 123/udp
  2. Check DNS works: host pool.ntp.org
  3. Use IP instead of hostname in config
  4. Restart daemon: systemctl restart chronyd
  5. Wait - reach increases every poll interval

Chrony-Specific Issues

chronyc "506 Cannot talk to daemon"

Symptom: chronyc commands fail with connection error

Solution

# Check if chronyd is running root@server:~# systemctl status chronyd # Check cmdport setting in config root@server:~# grep cmdport /etc/chrony/chrony.conf # Ensure cmdport is not set to 0 (disabled)

"makestep" Doesn't Work

Check makestep configuration

# In /etc/chrony/chrony.conf, ensure makestep is configured makestep 1 3 # Step if offset > 1s, first 3 updates # Or force with -1 makestep 1 -1 # Step if offset > 1s, unlimited times

Slow Initial Sync

Speed up initial synchronization

# Add iburst to server lines server ntp.rdem-systems.com iburst # Use initstepslew for boot-time correction initstepslew 10 ntp.rdem-systems.com pool.ntp.org

Windows W32Time Issues

"The computer did not resync because no time data was available"

Solution

:: Reset W32Time configuration C:\> net stop w32time C:\> w32tm /unregister C:\> w32tm /register C:\> net start w32time :: Configure NTP server C:\> w32tm /config /manualpeerlist:"pool-ntp.rdem-systems.com,0x8" /syncfromflags:manual /update :: Force sync C:\> w32tm /resync /force

Domain Controller Time Issues

Configure PDC Emulator

:: On PDC Emulator (run as Administrator) C:\> w32tm /config /manualpeerlist:"pool-ntp.rdem-systems.com" /syncfromflags:manual /reliable:yes /update C:\> net stop w32time && net start w32time C:\> w32tm /resync :: Other DCs will sync from PDC automatically

Hyper-V Time Sync Conflicts

Virtual Machine Warning

Hyper-V VMs have time sync integration services that can conflict with W32Time. Disable VM time sync if using external NTP:

:: In Hyper-V Manager: :: VM Settings → Integration Services → Uncheck "Time synchronization" :: Or via PowerShell PS C:\> Disable-VMIntegrationService -VMName "YourVM" -Name "Time Synchronization"

Verify Your Fix

After troubleshooting, test your NTP synchronization:

Run NTP Diagnostics Firewall Guide

Powered by RDEM Systems Stratum 1 Infrastructure

Check-NTP Home | Firewall Guide

Professional NTP diagnostics by RDEM Systems SAS