customer enabled the authenticated NTP service on the S7706, but the AR cannot synchronize the clock from the S7706.
Strangely, through capturing packets, the AR sends packets with authentication but the S7706 responds without authentication. Therefore, the AR does not trust the clock source and cannot be authenticated.
#core switch, NTP server
#AR router1 (V200R007C00SPCb00)

Reproduce the issue and do capture to analysis.
We build the same environment of the existing network in the laboratory and can reproduce the issue. Through the capture, we find that the server checks the length of the Authentication Code while authenticating the client's synchronization packet. The length of hmac-sha256 algorithm is not right. The length of the Authentication Code should be 36, but the length of AR device is 20. The length of the string can also be seen from capturing the packet:
Actually, the length of MD5 should be 20.

It is confirmed that the length of the SHA2 algorithm at the AR product side is 20, which is inconsistent with the platform and subsequent patches are modified to be consistent with other products.

Use MD5 authentication can sync the NTP.