A problem occurred during setting the immutable flag: repository time shift detected, immutability flag cannot be set. Please refer to KB4482 for more details
Processing finished with warnings at 3/17/2024 10:33:16 PM
Page 1 / 1
Hi
have you configured ntpd for time sync?
It seems that the VM's time is not synchronised, or or am I wrong?
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
Hi
have you configured ntpd for time sync?
It seems that the VM's time is not synchronised, or or am I wrong?
the VEEAM is not part of the domain, but the time is same as the DC.
do you mean something else?
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
thank you for your answer.
i am aware of this. once a week i have to follow those steps to get it resolved.
Hi
have you configured ntpd for time sync?
It seems that the VM's time is not synchronised, or or am I wrong?
the VEEAM is not part of the domain, but the time is same as the DC.
do you mean something else?
i use ubuntu as my immu repo and set ntp external time sync
https://wiki.ubuntu-it.org/Server/SincronizzazioneTempoNtp
https://reintech.io/blog/configuring-ntp-client-ubuntu-2004
Hi
The warning message due to Time Shift is also addressed here: https://www.veeam.com/kb4424. You have some good links shared above to have this issue resolved.
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
I am going test these settings as I am doing a similar thing when I have HA events in VMware with my VHRs. This is probably the best workaround.
I do have the VMTools set to sync for both options as well.
Hey,
Have you check the KB?
https://www.veeam.com/kb4482#:~:text=This%20warning%20is%20displayed%20when,immutability%20state%20from%20being%20manipulated.
Advanced Configuration
The TimeShift detection feature is configurable by creating the file /etc/veeam/immureposvc/config and setting parameters as desired.
The config file must be created with permissions 600 and belong to the root user.
Available Parameters:
- disableCheck - parameter responsible for the general enabling or disabling of the functionality.
- checkHwTime - controls whether the HW time is checked. Some systems may not have this clock.
- maxDeltaValueInSec - determines the value of shifted time after which the retention is blocked.
Example config file formatting with default settings:
<TimeDefenderConfig disableCheck="0" checkHwTime="1" maxDeltaValueInSec="86400" />
After creating or modifying the config file, the veeamtransport service must be restarted.
Note: The config file overrides the hardcoded defaults; if it is not present or not configured as documented, the defaults will be used.
I am going test these settings as I am doing a similar thing when I have HA events in VMware with my VHRs. This is probably the best workaround.
I do have the VMTools set to sync for both options as well.
i am curious if you'll get it fixed.
i dont have time to configure it yet.
Hi there! As a side note, you seem to be running a Veeam Hardened repository in a VM. Is that correct? If so, I wonder if this doesn’t make you vulnerable at the hypervisor level. From a Zero Trust standpoint, maybe it’s worth considering a physical server instead?
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.