diff --git a/client/man/ipa-client-install.1 b/client/man/ipa-client-install.1
index cad3c1796..2c6ac884e 100644
--- a/client/man/ipa-client-install.1
+++ b/client/man/ipa-client-install.1
@@ -116,7 +116,7 @@ Configure chronyd to use this NTP server. This option can be used multiple times
 Configure chronyd to use this NTP server pool.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
-Do not configure NTP client (chornyd).
+Do not configure NTP client (chronyd).
 .TP
 \fB\-\-force\-chrony\fR
 Stop and disable any time&date synchronization services besides chronyd.
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 45425ee15..936e9d4cc 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -90,7 +90,7 @@ Configure chronyd to use this NTP server. This option can be used multiple times
 Configure chronyd to use this NTP server pool.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
-Do not configure NTP client (chornyd).
+Do not configure NTP client (chronyd).
 .TP
 \fB\-\-force\-chrony\fR
 Stop and disable any time&date synchronization services besides chronyd.
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 2b64e6b52..9c8b5f70e 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -48,7 +48,7 @@ Configure chronyd to use this NTP server. This option can be used multiple times
 Configure chronyd to use this NTP server pool.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
-Do not configure NTP client (chornyd).
+Do not configure NTP client (chronyd).
 .TP
 \fB\-\-force\-chrony\fR
 Stop and disable any time&date synchronization services besides chronyd.
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 6d173a237..2df233308 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -2347,9 +2347,9 @@ def update_ipa_nssdb():
 
 def sync_time(options, fstore, statestore, force):
     """
-    Will disable any other time synchronization service if there is
-    --force-chrony option set, and configure chrony with given ntp(chrony)
-    server and/or pool using Augeas in configure_chrony method.
+    Will disable any other time synchronization service if the --force-chrony
+    option set, and configure chrony with given ntp(chrony) server and/or pool
+    using Augeas in configure_chrony method.
     If there is no option --ntp-server set IPADiscovery will try to find ntp
     server in DNS records.
     """
@@ -2372,18 +2372,19 @@ def sync_time(options, fstore, statestore, force):
     if ntp_servers:
         if timeconf.configure_chrony(ntp_servers, options.ntp_pool,
                                      fstore, statestore):
-            print("Done Configuring chrony.")
+            print("Done configuring chrony.")
         else:
-            print("Warning: IPA Server was unable to sync time with chrony!")
-            print("         Time synchronization is required for IPA Server "
+            print("Warning: IPA was unable to sync time with chrony!")
+            print("         Time synchronization is required for IPA "
                   "to work correctly")
             logger.warning(
                 "Unable to sync time with chrony server, assuming the time "
                 "is in sync. Please check that 123 UDP port is opened, "
                 "and any time server is on network.")
     else:
-        print("Warning: chrony not configured, using default configuration.")
-        logger.warning("No SRV records of NTP servers found nor NTP server  "
+        print("Warning: Skipping chrony configuration. "
+              "The default configuration will be used.")
+        logger.warning("No SRV records of NTP servers found and no NTP server "
                        "address was provided. Skipping chrony configuration, "
                        "default configuration will be used")
 
@@ -3477,7 +3478,7 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
         None, False,
         deprecated=True,
         description="Stop and disable any time&date synchronization services "
-                    "besides ntpd.\n"
+                    "besides ntpd. "
                     "This option has been obsoleted by --force-chrony",
     )
     force_ntpd = enroll_only(force_ntpd)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 895555a3e..37f425ef1 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -29,6 +29,7 @@ from ipapython import dnsutil
 from ipapython.dn import DN
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
+from ipaserver import servroles
 from ipaserver.install import installutils
 from ipaserver.install import dsinstance
 from ipaserver.install import httpinstance
@@ -1608,24 +1609,31 @@ def ntpd_cleanup(fqdn, fstore):
         except Exception as e:
             logger.info("Service ntpd was not disabled or stopped")
 
-    ntpd_files = [paths.NTP_CONF, paths.NTP_STEP_TICKERS, paths.SYSCONFIG_NTPD]
-    for ntpd_file in ntpd_files:
+    for ntpd_file in [paths.NTP_CONF, paths.NTP_STEP_TICKERS,
+                      paths.SYSCONFIG_NTPD]:
         try:
-            fstore.untrack_file(ntpd_file)
-            os.remove(ntpd_file)
-        except IOError:
-            logger.warning(
-                "No access to the %s, file could not be deleted.", ntpd_file)
+            fstore.restore_file(ntpd_file)
         except ValueError as e:
-            logger.warning("Error: %s", e)
+            logger.warning(e)
 
-    connection = api.Backend.ldap2
     try:
-        connection.delete_entry(DN(('cn', 'NTP'), ('cn', fqdn),
-                                   api.env.container_masters))
+        api.Backend.ldap2.delete_entry(DN(('cn', 'NTP'), ('cn', fqdn),
+                                       api.env.container_masters))
     except ipalib.errors.NotFound:
         logger.warning("Warning: NTP service entry was not found in LDAP.")
 
+    ntp_role_instance = servroles.ServiceBasedRole(
+         u"ntp_server_server",
+         u"NTP server",
+         component_services=['NTP']
+    )
+
+    updated_role_instances = tuple()
+    for role_instance in servroles.role_instances:
+        if role_instance is not ntp_role_instance:
+            updated_role_instances += tuple([role_instance])
+
+    servroles.role_instances = updated_role_instances
     sysupgrade.set_upgrade_state('ntpd', 'ntpd_cleaned', True)
 
 
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index dd235a4e1..dfe1ebf98 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -243,12 +243,6 @@ class config(LDAPObject):
             doc=_('IPA servers configured as certificate authority'),
             flags={'virtual_attribute', 'no_create', 'no_update'}
         ),
-        Str(
-            'ntp_server_server*',
-            label=_('IPA NTP servers'),
-            doc=_('IPA servers with enabled NTP'),
-            flags={'virtual_attribute', 'no_create', 'no_update'}
-        ),
         Str(
             'ca_renewal_master_server?',
             label=_('IPA CA renewal master'),
@@ -548,7 +542,7 @@ class config_mod(LDAPUpdate):
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         self.obj.show_servroles_attributes(
-            entry_attrs, "CA server", "IPA master", "NTP server", **options)
+            entry_attrs, "CA server", "IPA master", **options)
         return dn
 
 
@@ -558,5 +552,5 @@ class config_show(LDAPRetrieve):
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         self.obj.show_servroles_attributes(
-            entry_attrs, "CA server", "IPA master", "NTP server", **options)
+            entry_attrs, "CA server", "IPA master", **options)
         return dn