How to Configure NTP on AIX

— ny_wk

Configuring NTP on AIX means pointing the xntpd daemon at a reliable time source, validating synchronization with lssrc -ls xntpd, and making the daemon start automatically on reboot. This guide walks through a complete server-and-client setup, the exact commands, the common failure modes, and how to verify the clock is actually synced.

Accurate time on AIX is not cosmetic. Kerberos authentication, NFS, database replication, SSL certificate validation, log correlation, and cluster heartbeats all break or behave unpredictably when system clocks drift apart. The Network Time Protocol (NTP) keeps every host on your network aligned to a common reference, and on AIX that protocol is implemented by the xntpd subsystem managed through the System Resource Controller (SRC).

What you need before configuring NTP on AIX

Before you touch any configuration file, confirm a few prerequisites. Getting these right up front prevents the most common synchronization failures.

Root access on both the server and the client (editing /etc/ntp.conf and controlling SRC subsystems requires it).
The bos.net.tcp.client fileset installed, which provides xntpd, ntpdate, and ntpq. Verify with lslpp -l bos.net.tcp.client.
Network reachability to your upstream time source on UDP port 123 in both directions. NTP uses UDP, so a one-way firewall rule silently breaks replies.
The IP address or hostname of at least one trustworthy NTP source — ideally a corporate time server, or public pool servers such as those at pool.ntp.org.

Step 1: Configure the NTP server on AIX

The role of the local NTP server is to provide time to your other AIX clients. Ideally it gets its own time from a higher-stratum upstream source. If no external source is reachable, AIX can fall back to its own hardware clock as an undisciplined local reference using the address 127.127.1.0 — useful for an isolated network, but understand it only keeps machines consistent with each other, not with real-world time.

First, check the current state of the daemon:

Query the running xntpd subsystem in detail:
lssrc -ls xntpd
Look at the Sys peer field in the output. It should show a valid upstream server address or 127.127.1.0. If it reports insane or shows no peer, the server is not disciplined and you must fix the configuration.

Edit the configuration file to define a time source:

Open the config:
vi /etc/ntp.conf
Add a real upstream server (strongly preferred). Adding the prefer keyword tells xntpd to favor this peer:
server time.example.com prefer

If — and only if — no upstream is available, fall back to the local clock driver:

server 127.127.1.0

fudge 127.127.1.0 stratum 10
Make sure the broadcastclient directive is commented out on a server. Leaving it on can cause the server to chase broadcast time announcements instead of acting authoritatively.
Leave the driftfile (typically /etc/ntp.drift) and any tracefile entries at their defaults — the drift file lets the daemon remember your clock's frequency error across restarts.

Restart the daemon so it reads the new configuration. AIX manages xntpd through SRC, so use stopsrc and startsrc rather than killing the process directly:

stopsrc -s xntpd
startsrc -s xntpd

The -x flag: protecting database servers from clock steps

On hosts running databases (Oracle, DB2) or any application sensitive to time going backwards, start the daemon with the -x flag. This forces xntpd to slew the clock (gradually speeding it up or slowing it down) rather than stepping it (an abrupt jump). Slewing guarantees the clock never moves in a negative direction, which prevents transaction timestamp and log-sequence corruption.

Pass the flag as a subsystem argument:

startsrc -s xntpd -a "-x"

The trade-off: slewing corrects offset slowly (roughly 0.5 ms per second), so a large initial offset can take a long time to converge. That is exactly why you set the clock close before starting the daemon (covered below).

After restarting, re-run lssrc -ls xntpd and re-check Sys peer. Be patient: NTP deliberately samples a peer several times and applies statistical filtering before it trusts and selects it. Initial synchronization commonly takes 5 to 12 minutes, so do not assume failure if the first check still shows no peer.

Step 2: Configure the NTP client on AIX

With the server disciplined, configure each client to synchronize against it. The single most important rule is the 1000-second offset limit: xntpd will refuse to discipline the clock if the client is more than 1000 seconds (about 16.7 minutes) away from the server. Test this first.

Run a one-shot probe against the server in debug mode. This does not change the clock; it reports what the daemon would see:
ntpdate -d ip.address.of.server
Read the reported offset at the end of the output. If the absolute offset is under 1000 seconds, you are good to proceed.
If the offset is greater than 1000 seconds, set the time manually to get within range, then re-run the probe. You can set time with the date command, for example to set the clock to 28 June 2026, 14:30:00:
date 0628143026

(The AIX date set format is MMDDhhmm[YY].) After adjusting, run ntpdate -d ip.address.of.server again and confirm the offset is now small.

If you instead see the message "no server suitable for synchronization found", the client never got a usable reply. Work through the troubleshooting section below — it is almost always a firewall, a stopped server daemon, or an unsynchronized (high-stratum/insane) server.

Now point the client at the server permanently:

Edit the client's configuration:
vi /etc/ntp.conf
Comment out the broadcastclient line if present, and add an explicit server entry with prefer:
server ip.address.of.server prefer
Leave driftfile and tracefile at their defaults.
Start the daemon (add -a "-x" if this client also runs a database):
startsrc -s xntpd

Make xntpd start automatically on reboot

By default the daemon is not enabled at boot. AIX starts network daemons from /etc/rc.tcpip, where the xntpd start line is shipped commented out. Enable it so time sync survives a reboot:

Edit the boot script:
vi /etc/rc.tcpip
Find and uncomment the start line (remove the leading #):
start /usr/sbin/xntpd "$src_running"
If you use the -x slew flag, append it inside the quotes as the argument list. The quotes are required:
start /usr/sbin/xntpd "$src_running" "-x"

This start function only launches the daemon if it is not already running, so it is safe to leave enabled even if you start xntpd manually.

Step 3: Verify the AIX NTP client is synchronized

Confirmation is the part most people skip — and then discover months later that nothing was ever syncing. Validate with these commands:

Check the subsystem state and selected peer:
lssrc -ls xntpd

The Sys peer field should now display the IP address or hostname of your NTP server. Allow up to 12 minutes for selection.
List all peers and their status with the query tool:
ntpq -p

A leading * next to a peer marks the currently selected system peer; a + marks candidates accepted by the selection algorithm. Watch the reach column climb toward 377 (octal for eight successful polls) and the offset/jitter stay small.
Confirm SRC sees the subsystem as active:
lssrc -s xntpd

Status should read active.

Once ntpq -p shows a starred peer with a reach approaching 377, the client is genuinely disciplined.

Common pitfalls and troubleshooting

Most AIX NTP problems fall into a handful of recurring categories. Use this table to map a symptom to its cause.

Symptom	Likely cause	Fix
"no server suitable for synchronization found"	UDP 123 blocked, server daemon down, or server itself unsynced	Open port 123 both ways; confirm `lssrc -ls xntpd` on the server shows a valid Sys peer
Offset never drops, clock never disciplines	Initial offset exceeded 1000 seconds	Set time manually with `date`, then restart `xntpd`
Sys peer shows "insane"	No valid server line, or upstream unreachable/high stratum	Add a real `server` line to `/etc/ntp.conf`; restart the daemon
Daemon dies on boot	`rc.tcpip` line still commented, or bad quoting on `-x`	Uncomment the start line; ensure `"-x"` is inside quotes
Clock jumps backward and breaks the DB	Stepping instead of slewing	Start with `-a "-x"` to force slew-only correction

A few additional gotchas worth internalizing:

UDP, not TCP. Because NTP is connectionless, an asymmetric firewall rule that permits outbound but blocks inbound UDP 123 produces the "no server" error with no other clue.
Patience beats restarting. Repeatedly bouncing the daemon resets the sampling window and actually delays synchronization. Give it the full polling cycle.
One source is a single point of failure. For production, list three or more server lines so the selection algorithm can detect and reject a "falseticker."
Stratum matters. A server syncing only to its own 127.127.1.0 local clock advertises a high stratum; clients will sync to it but should not treat it as authoritative real-world time.

Modern note: NTP on current AIX versions

The procedure above references AIX 5L, which reached end of support years ago — if you are still running it, plan a migration, because it receives no security fixes. The good news is that the workflow is almost identical on modern AIX 7.2 and AIX 7.3: the subsystem is still xntpd, the file is still /etc/ntp.conf, and SRC commands (startsrc, stopsrc, lssrc) are unchanged.

The notable evolution is ntpd version 4 (xntpd v4), available on AIX 6.1 and later, which adds IPv6 support, stronger authentication, and improved drift handling. Newer AIX also ships ntpd4 alongside the classic daemon — check your level with lslpp -l | grep ntp and consult the ntpd man page for the flags supported on your release. The -x slew behavior, the 1000-second step threshold, and the boot-enablement via /etc/rc.tcpip all remain valid. On other platforms the wider industry is moving toward chrony, but on AIX the maintained, IBM-supported path is still the xntpd SRC subsystem.

Key Takeaways

Manage the daemon through SRC: use startsrc, stopsrc, and lssrc -ls xntpd — never kill the process directly.
Define a real upstream server in /etc/ntp.conf with the prefer keyword; only fall back to the 127.127.1.0 local clock on isolated networks.
Respect the 1000-second rule: if ntpdate -d reports an offset over 1000 seconds, set the time manually first or the clock will never discipline.
Use -x on database hosts to slew rather than step the clock, so time never jumps backward.
Enable boot start by uncommenting the xntpd line in /etc/rc.tcpip, and verify with ntpq -p watching reach climb to 377.

Frequently Asked Questions

How long does NTP take to sync on AIX?

Initial synchronization typically takes 5 to 12 minutes. NTP deliberately polls a peer several times and applies statistical filtering before selecting it, so Sys peer in lssrc -ls xntpd may show nothing for the first few minutes. Avoid restarting the daemon during this window, as that resets the sampling and delays sync further.

Why does ntpdate say "no server suitable for synchronization found"?

This means the client got no usable reply. The three usual causes are a firewall blocking UDP port 123 (often only in the inbound direction), the xntpd daemon not running on the server, or the server itself being unsynchronized ("insane" or high stratum). Confirm the server's lssrc -ls xntpd shows a valid Sys peer, then verify port 123 is open both ways.

What does the -x flag do in xntpd?

The -x flag forces the daemon to slew the clock — correcting it gradually — instead of stepping it with an abrupt jump. This guarantees the clock never moves backward, which is essential on database servers where a negative time change can corrupt transaction timestamps. Start it with startsrc -s xntpd -a "-x".

Is xntpd still used on modern AIX?

Yes. AIX 7.2 and 7.3 still use the xntpd SRC subsystem and /etc/ntp.conf. AIX 6.1 and later add the v4 daemon with IPv6 and stronger authentication, but the core commands and configuration approach in this guide remain valid. Always check your level with lslpp -l | grep ntp.

For more practical sysadmin and tech walkthroughs, subscribe on YouTube @explorenystream.