Operational Defect Database
BugZero found this defect 236 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4482
Backup Warning: "repository time shift detected, immutability flag cannot be set."
Last update date:
12/5/2023
Affected products:
Veeam Backup & Replication
Affected releases:
12.1
Fixed releases:
No fixed releases provided.
Description:
Challenge
A Backup or Backup Copy job using an Immutable Hardened Linux Repository displays the warning: A problem occurred during setting the immutable flag: repository time shift detected, immutability flag cannot be set. Please refer to KB4482 for more details
Cause
This warning is displayed when a time shift has been detected within the Linux OS of the Hardened Linux Repository. Timeshift detection was implemented to prevent the restore point immutability state from being manipulated. However, this system could also be triggered by user-caused timeshifts such as: Intentional changes to the system time by an administrator. Powering off the Linux machine for an extended time. Stopping the VeeamTransport service, which is used to track the time. Adding a Hardened Linux Repository that was previously used and already has a timeLog file present. Explanation When the immutable service starts on the Linux machine backing the Hardened Repository, a timeLog file is created in the directory /etc/veeam/immureposvc/. Every 10 minutes, the current UTC time (systemTime) and HW time (hwTime) are written to the timeLog file. Each time timeLog is updated, the difference between the current and previous value is calculated and added to a parameter named moveTime. This allows the software to detect if a time shift has occurred. If the moveTime value exceeds 86400 seconds (24 hours), an immutable file named retainLock is created containing information about the changed time. The presence of the retainLock file blocks the immutable service from changing the immutability state of backup files, both existing and new.
Solution
Procedure Requires Root Privileges To complete the procedure documented below, root privileges are required, either through direct use of the root account or privilege elevation using an account with sudo rights.
More Information
Advanced Configuration The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired. The config file must be created with permissions 600 and belong to the root user. Available Parameters: disableCheck - parameter responsible for the general enabling or disabling of the functionality. checkHwTime - controls whether the HW time is checked. Some systems may not have this clock. maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked. Example config file formatting with default settings: <TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" /> After creating or modifying the config file, the veeamtransport service must be restarted. Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
