Loading...
Loading...
A Backup or Backup Copy job using an Immutable Hardened Linux Repository displays the warning: A problem occurred during setting the immutable flag: repository time shift detected, immutability flag cannot be set. Please refer to KB4482 for more details
This warning is displayed when a time shift has been detected within the Linux OS of the Hardened Linux Repository. Timeshift detection was implemented to prevent the restore point immutability state from being manipulated. However, this system could also be triggered by user-caused timeshifts such as: Intentional changes to the system time by an administrator. Powering off the Linux machine for an extended time. Stopping the VeeamTransport service, which is used to track the time. Adding a Hardened Linux Repository that was previously used and already has a timeLog file present. Explanation When the immutable service starts on the Linux machine backing the Hardened Repository, a timeLog file is created in the directory /etc/veeam/immureposvc/. Every 10 minutes, the current UTC time (systemTime) and HW time (hwTime) are written to the timeLog file. Each time timeLog is updated, the difference between the current and previous value is calculated and added to a parameter named moveTime. This allows the software to detect if a time shift has occurred. If the moveTime value exceeds 86400 seconds (24 hours), an immutable file named retainLock is created containing information about the changed time. The presence of the retainLock file blocks the immutable service from changing the immutability state of backup files, both existing and new.
After confirming that the timeshift was expected and that the current time is correct, the Time Shift Protection can be reset to allow the software to return to updating the immutable status of backup data. The procedure for resetting the Time Shift Protection depends on the type of Hardened Repository in use. Click the scenario description that matches for reset information:
Advanced Configuration The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired. The config file must be created with permissions 600 and belong to the root user. Available Parameters: disableCheck - parameter responsible for enabling or disabling the functionality. 0 — Enable time shift detection. (Default) 1 — Disable time shift detection. checkHwTime - controls whether the HW time is checked. Some systems may not have this clock. 0 — Disable HW time check. 1 — Enable HW time check. (Default) maxDeltaValueInSec - determines the value of shifted time (in seconds), after which the retention is blocked. 60 — Minimum value. 86400 — Default value (24 hours). 604800 — Maximum value. Example default config file formatting: <TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" /> After creating or modifying the config file, the veeamtransport service must be restarted. Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.