Just realized how fragile a virtual machine can be.
Yesterday I logged into a Windows server and found that some programs were missing (python among others). No big deal. I just assumed that someone else had removed them to free up space or something. Then I found a few files I knew I had both edited and deleted. And the files I knew I had touched suddenly had a timestamp dating back to 2008. Luckily this isn’t a critical production machine, but never the less, how could this happen?
When I checked the vCenter log, I found that the virtual hardware on this particular VM was updated just short of 24 hours earlier. The VM also contained a system generated snapshot dated 2008. The Windows event log, however, where having a gap from 2010 till 2012 (current day).
What has happened is this:
• The VM was powered off.
• The virtual hardware was upgraded.
• When the machine was turned back on, the system reverted back to a previous snapshot (without logging it), thus overwriting the current image.
There are several things here that I find “scary”. The first is that the VM went back using an older system state without even logging it.
The second “scary” thing is that the system generated snapshot was wrongly labeled with the year 2008, when it clearly contained data from 2010 (We actually tested this by reverting to this image just to check. We had nothing to loose anyway).