During the Backup Job operation to a Hardened Repository, Veeam displays the warning "repository time shift detected" and the immutable flag is not applied to backup data.
If you experience this issue, the backup has been processed successfully but the backup data are not marked as immutable.
Time shift is a feature introduced in Veeam Backup & Replication v12.1 and it used to prevent the restore point immutability state from being altered.
In the directory /etc/veeam/immureposvc, the immutable service creates a timeLog file when the Hardened Repository starts. In the timeLog file, the system writes every ten minutes the current UTC time and the HW time. When the timeLog file is updated, the system calculates the difference between the old and the updated value adding the result to the moveTime parameter.
If the moveTime value exceeds 24 hours, an immutable retainLock file is created blocking the immutable service from changing the immutability status of backups displaying the warning "repository time shift detected".
Fix repository time shift detected warning
To fix this issue, first make sure no Backup Jobs are running in Veeam Backup & Replication.
Login the Hardened Repository using a root account and run the following command to remove the immutability to the retainLock file:
# sudo chattr -i /etc/veeam/immureposvc/retainLock
Delete the file with the command:
# sudo rm /etc/veeam/immureposvc/retainLock
Restart the VeeamTransport service.
# sudo service veeamtransport restart
Run the Backup Job once again. This time the backup completes successfully.
This new feature enforces security and prevents that backups can be manipulated protecting the business in case of a ransomware attack.
