Description of problem:
4.2.8p11 seems to break synchronization with (TC) autokey servers; especially when running as broadcast client. 4.2.8p10 (from https://koji.fedoraproject.org/koji/buildinfo?buildID=1044801) appears to be ok.
Affects p11 in Fedora 27 too.
Upstream report and details: http://bugs.ntp.org/show_bug.cgi?id=3494
Version-Release number of selected component (if applicable):
Thanks for the upstream report. This bug is most likely due to one of the CVEs fixed in 4.2.8p11. FWIW, upstream doesn't care much about autokey since it was found to be insecure. You might want to consider switching to a symmetric key if possible.
I'm closing this bug. If/when the issue is fixed upstream, we'll get the fix in Fedora too.