A problem occurred during setting the immutable flag: repository time shift detected, immutability flag cannot be set. Please refer to KB4482 for more details
Processing finished with warnings at 3/17/2024 10:33:16 PM
Solved
immutability flag
Best answer by Iams3le
Hi
The warning message due to Time Shift is also addressed here: https://www.veeam.com/kb4424. You have some good links shared above to have this issue resolved.
+11have you configured ntpd for time sync?
It seems that the VM's time is not synchronised, or or am I wrong?
Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
+8Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
Philippe DUPUIS |Veeam Certified Engineer | https://original-network.com/
Link State wrote:
have you configured ntpd for time sync?
It seems that the VM's time is not synchronised, or or am I wrong?
the VEEAM is not part of the domain, but the time is same as the DC.
do you mean something else?
Stabz wrote:
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
thank you for your answer.
i am aware of this. once a week i have to follow those steps to get it resolved.
+11VEEAM_Legend wrote:
Link State wrote:
have you configured ntpd for time sync?
It seems that the VM's time is not synchronised, or or am I wrong?
the VEEAM is not part of the domain, but the time is same as the DC.
do you mean something else?
i use ubuntu as my immu repo and set ntp external time sync
https://wiki.ubuntu-it.org/Server/SincronizzazioneTempoNtp
Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired)
+11Hi
The warning message due to Time Shift is also addressed here: https://www.veeam.com/kb4424. You have some good links shared above to have this issue resolved.
[Microsoft MVP | Veeam Legend 6* | VMware vExpert 5* | Cisco Champion 3* | Object First Ace]
+21Stabz wrote:
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
I am going test these settings as I am doing a similar thing when I have HA events in VMware with my VHRs. This is probably the best workaround.
I do have the VMTools set to sync for both options as well.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Chris.Childerhose wrote:
Stabz wrote:
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
I am going test these settings as I am doing a similar thing when I have HA events in VMware with my VHRs. This is probably the best workaround.
I do have the VMTools set to sync for both options as well.
i am curious if you'll get it fixed.
i dont have time to configure it yet.
Hi there! As a side note, you seem to be running a Veeam Hardened repository in a VM. Is that correct? If so, I wonder if this doesn’t make you vulnerable at the hypervisor level. From a Zero Trust standpoint, maybe it’s worth considering a physical server instead?
Hubert
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.