diff --git a/client_software/0010_kwallet/user_run.sh b/client_software/0010_kwallet/user_run.sh
index 0cc2ede..108fbe2 100755
--- a/client_software/0010_kwallet/user_run.sh
+++ b/client_software/0010_kwallet/user_run.sh
@@ -18,7 +18,12 @@ if [[ -z $(wmctrl -m | grep "KWin") ]]; then
 fi
 
 #Restart the service
-systemd-run --user --scope --unit=kwalletd6-logon kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 &
+# Stop any leftover unit from a previous session before creating a new one
+systemctl --user stop kwalletd6-logon.service 2>/dev/null || true
+systemd-run --user --unit=kwalletd6-logon \
+    --property=RemainAfterExit=yes \
+    --property=SuccessExitStatus=1 \
+    kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 &
 sleep 1
 
 #Check if kwalletd is enabled now
diff --git a/client_software/0040_autostart_logon_script/logon_script.sh.desktop b/client_software/0040_autostart_logon_script/logon_script.sh.desktop
old mode 100755
new mode 100644
diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh
index b1c4430..478f5fb 100755
--- a/system_setup/sync_client_software.sh
+++ b/system_setup/sync_client_software.sh
@@ -10,6 +10,16 @@ if [ "$EUID" -ne 0 ]; then
     echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 
+# Remove 'server _gateway iburst' from chrony.conf — Anaconda adds it as a fallback but
+# _gateway is not resolvable by chronyd at startup; DHCP-sourced servers via sourcedir
+# /run/chrony-dhcp already cover NTP discovery so this line is redundant and noisy.
+_CHRONY_CONF="/etc/chrony.conf"
+if [ -f "${_CHRONY_CONF}" ] && grep -q "^server _gateway" "${_CHRONY_CONF}"; then
+    echo "Patching chrony.conf: removing unresolvable 'server _gateway' entry"
+    sed -i "/^server _gateway/d" "${_CHRONY_CONF}"
+    systemctl restart chronyd
+fi
+
 # Ensure krb5_validate = False in sssd.conf to restore offline auth
 # (SSSD >= 2.10.1 skips the CAP_DAC_READ_SEARCH raise in offline mode, so validate_tgt
 #  fails with EACCES before the cached-credential fallback is reached)