Veeam v12: fix repository time shift detected

veeam-v12-fix-repository-time-shift-detected-01

During the Backup Job operation to a Hardened Repository, Veeam displays the warning "repository time shift detected" and the immutable flag is not applied to backup data.

If you experience this issue, the backup has been processed successfully but the backup data are not marked as immutable.

veeam-v12-fix-repository-time-shift-detected-02

Time shift is a feature introduced in Veeam Backup & Replication v12.1 and it used to prevent the restore point immutability state from being altered.

In the directory /etc/veeam/immureposvc, the immutable service creates a timeLog file when the Hardened Repository starts. In the timeLog file, the system writes every ten minutes the current UTC time and the HW time. When the timeLog file is updated, the system calculates the difference between the old and the updated value adding the result to the moveTime parameter.

If the moveTime value exceeds 24 hours, an immutable retainLock file is created blocking the immutable service from changing the immutability status of backups displaying the warning "repository time shift detected".

 

Fix repository time shift detected warning

To fix this issue, first make sure no Backup Jobs are running in Veeam Backup & Replication.

Login the Hardened Repository using a root account and run the following command to remove the immutability to the retainLock file:

# sudo chattr -i /etc/veeam/immureposvc/retainLock

veeam-v12-fix-repository-time-shift-detected-03

Delete the file with the command:

# sudo rm /etc/veeam/immureposvc/retainLock

veeam-v12-fix-repository-time-shift-detected-04

Restart the VeeamTransport service.

# sudo service veeamtransport restart

veeam-v12-fix-repository-time-shift-detected-05

Run the Backup Job once again. This time the backup completes successfully.

veeam-v12-fix-repository-time-shift-detected-06

This new feature enforces security and prevents that backups can be manipulated protecting the business in case of a ransomware attack.

signature

Leave a Reply