How to Discover and Resolve Server Time Mismatch using NTP Client?

Accurate server time is crucial for authentication, certificate validation, and communication between managed devices and servers. A mismatch in server time can cause failures in operations such as enrollment, profile distribution, or app deployment. To detect and correct such mismatches, the NTP (Network Time Protocol) client can be used to synchronise the system time with trusted external hosts. This document explains how admins can identify server time mismatches and synchronise with reliable time sources.

Pre-requisites

1. Admin access to the server.
2. NTP client installed on the server.
3. Outbound access enabled to .google.com and .apple.com for time synchronisation.

Steps to Discover and Sync Server Time

1. Check Current Server Time
   • Run the following command to display the current server time:
     Command: date
   • Compare the displayed time with a reliable external time source (for example, time from a trusted NTP server or another reference device).
2. Use NTP Client to Detect Time Mismatch
   • Run the NTP query command to check for drift:
     Command: ntpdate -q time.google.com or ntpdate -q time.apple.com
   • The output will display the offset (difference) between the server time and the external time source.
3. Synchronize Server Time : If a mismatch is detected:
   • Run the following command to synchronise with Google:
     Command: ntpdate time.google.com
   • Alternatively, sync with Apple:
     Command: ntpdate time.apple.com

Hosts Used for Time Sync

The following external hosts are used for server time synchronisation:
1. time.google.com
2. time.apple.com

Outcome

• Server time will be synchronised with reliable NTP sources.
• Issues caused by time drift (e.g., certificate validation failures or communication errors) will be minimised.

If the issue still persists, please contact our MDM support team.