Anomaly detection

Guys,

I need to create my KB because the current one is very, very old (09:59:59 GMT-06:00 Tue Sep 22 2009). When I try to save it manually with the command

vs0 anomaly detection record MYKB I get an error that says: ongoing attack

I need to create a new KB and load Méthot rotation does not work because the last KB is very old. I think it doesn't work because there's ALWAYS an attack.

Can I save or load a KB file manually even if there is an attack in progress?

If not, how can I solve my problem?

Thank you

CPSC DiegoCR

Hi Diego

You can fix this by:

  1. Enable detection of anomaly (operational-idle mode)
  2. Delete/copy/load the necessary files and start the anomaly detection or preferably put the sensor in learning accept mode (see operating mode) and wait 24 hours.

BR

Johan Kellerman

Tags: Cisco Security

Similar Questions

  • Syntax/options of anomaly detection

    I want to configure detection of anomalies on my IPS, but was a little confused about the syntax for the areas.

    It looks like I can configure the service/inner box

    172.25.13.1 - 172.25.13.254, 172.25.20.1 - 172.25.13.254

    What happens if I want to make a very general internal zone (because I have a lot of subnets)? Would I do something like this?

    172.25.1.1 - 172.25.255.255

    I want to define pretty much everything in 172.25.0.0/16 as internal, but I'm not sure of the syntax here.

    Hello

    You can use the syntax:

    172.25.0.0 - 172.25.255.255

    The default values for most parameters show this: they start with a network address and end with the broadcast address of the network.

    Please note useful posts.
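An added example (not from the thread or from Cisco): a Python check that parses a range list in the `start-end,start-end` form used in the posts above, flags entries whose start address is higher than the end, and counts how many addresses of a CIDR block the list leaves out. The function names are hypothetical, and how the sensor itself treats a malformed range is not modelled.

```python
import ipaddress

# Range lists as written in the thread above (spaces around "-" are tolerated).
POSTED_ZONE = "172.25.13.1 - 172.25.13.254, 172.25.20.1 - 172.25.13.254"
PROPOSED_ZONE = "172.25.1.1 - 172.25.255.255"
SUGGESTED_ZONE = "172.25.0.0 - 172.25.255.255"


def parse_zone_ranges(spec):
    """Split 'a-b,c-d' into (start, end) IPv4 pairs and collect per-entry errors."""
    ranges, errors = [], []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        start_s, sep, end_s = item.partition("-")
        try:
            start = ipaddress.IPv4Address(start_s.strip())
            # A single address without "-" is treated as a one-address range.
            end = ipaddress.IPv4Address((end_s if sep else start_s).strip())
        except ipaddress.AddressValueError as exc:
            errors.append(f"{item}: {exc}")
            continue
        if start > end:
            errors.append(f"{item}: start address is higher than end address")
            continue
        ranges.append((start, end))
    return ranges, errors


def to_cidrs(ranges):
    """Express the ranges as the smallest list of non-overlapping CIDR blocks."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(start, end))
    return list(ipaddress.collapse_addresses(nets))


def uncovered_count(ranges, cidr):
    """Number of addresses in `cidr` that none of the ranges include."""
    target = ipaddress.ip_network(cidr)
    covered = 0
    for net in to_cidrs(ranges):
        if target.subnet_of(net):
            return 0  # one block already contains the whole target
        if net.subnet_of(target):
            covered += net.num_addresses
    return target.num_addresses - covered


if __name__ == "__main__":
    for label, spec in (("posted", POSTED_ZONE),
                        ("proposed", PROPOSED_ZONE),
                        ("suggested", SUGGESTED_ZONE)):
        ranges, errors = parse_zone_ranges(spec)
        print(label, "errors:", errors)
        print(label, "addresses of 172.25.0.0/16 left out:",
              uncovered_count(ranges, "172.25.0.0/16"))
```

Run against the three lists, it shows that the second entry of the posted list is inverted, that the proposed range leaves out the first 257 addresses of the /16, and that the suggested range collapses to exactly 172.25.0.0/16.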

  • Failed signature update on the AIP-SSM-10

    I hope someone can help me. I am unable to get the signature auto-update working on our ASA 5510 IPS. We have a valid support contract, our user name does not include any special characters, and I am able to download the signature files from the site by using our BCC.

    When trying to update through the auto/cisco.com update, I get the following in the event logs on each update attempt:

    evError: eventId = 1319467413849005289 = severity = error Cisco vendor

    Author:

    hostId: xxxx

    appName: mainApp

    appInstanceId: 354

    time: October 26, 2011 11:40:01 UTC offset = 60 timeZone = GMT00:00

    errorMessage: AutoUpdate exception: failed to connect HTTP [1 111] name = errSystemError

    I've included a 'show conf' and a 'host stat' below.

    XXXXXX# show conf

    ! ------------------------------

    ! Current configuration last modified Wed Oct 26 10:48:07 2011

    ! ------------------------------

    ! Version 7.0(6)

    ! Host:

    !     Realm Keys          key1.0

    ! Signature Definition:

    !     Signature Update    S604.0   2011-10-20

    ! ------------------------------

    service interface

    exit

    ! ------------------------------

    service authentication

    exit

    ! ------------------------------

    service event-action-rules rules0

    exit

    ! ------------------------------

    service host

    network-settings

    host-ip 10.x.x.x/24,10.x.x.x

    host-name xxxxxx

    telnet-option disabled

    access-list 10.x.x.x/32

    access-list 10.x.x.x/16

    access-list 10.x.x.x/32

    dns-primary-server enabled

    address 10.x.x.x

    exit

    dns-secondary-server disabled

    dns-tertiary-server disabled

    exit

    time-zone-settings

    offset 0

    standard-time-zone-name GMT00:00

    exit

    ntp-option enabled-ntp-unauthenticated

    ntp-server 10.x.x.x

    exit

    summertime-option recurring

    summertime-zone-name GMT00:00

    start-summertime

    week-of-month last

    exit

    end-summertime

    month october

    week-of-month last

    exit

    end-summertime

    month october

    week-of-month last

    exit

    exit

    auto-upgrade

    cisco-server enabled

    schedule-option periodic-schedule

    start-time 00:40:00

    interval 1

    exit

    user-name xxxxxxxxxxxxxxx

    cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

    exit

    exit

    exit

    ! ------------------------------

    service logger

    exit

    ! ------------------------------

    service network-access

    exit

    ! ------------------------------

    service notification

    exit

    ! ------------------------------

    service signature-definition sig0

    exit

    ! ------------------------------

    service ssh-known-hosts

    exit

    ! ------------------------------

    service trusted-certificates

    exit

    ! ------------------------------

    service web-server

    exit

    ! ------------------------------

    service anomaly-detection ad0

    exit

    ! ------------------------------

    service external-product-interface

    exit

    ! ------------------------------

    service health-monitor

    exit

    ! ------------------------------

    service global-correlation

    exit

    ! ------------------------------

    service aaa

    exit

    ! ------------------------------

    service analysis-engine

    virtual-sensor vs0

    physical-interface GigabitEthernet0/1

    exit

    exit

    XXXXXX# host stat

    General statistics

    Last updated to host Config (UTC) = 27 October 2011 08:27:10

    Control device control Port = GigabitEthernet0/0

    Network statistics

    = ge0_0 link encap HWaddr 00:12:D9:48:F7:44

    = inet addr:10.x.x.x Bcast:10.x.x.x.x mask: 255.255.255.0

    = RUNNING UP BROADCAST MULTICAST MTU:1500 metric: 1

    = Dropped packets: 470106 RX errors: 0:0 overruns: 0 frame: 0

    = Dropped packets: 139322 TX errors: 0:0 overruns: 0 carrier: 0

    = collisions: 0 txqueuelen:1000

    = RX bytes: 40821181 (38.9 MiB) TX bytes: 102615325 (97.8 MiB)

    = Address: 0xbc00 memory: f8200000 of base-f8220000

    NTP statistics

    = distance refid st t when poll reach delay offset jitter

    = * time.xxxx.x 195.x.x.x 3 u 142 1024 377 1, 825 - 0.626 0.305

    = L LOCAL (0) LOCAL (0) 15 59 64 377 0.000 0.000 0.001

    = ind assID status conf scope auth condition last_event cnt

    = 1 43092 b644 Yes Yes No sys.peer 4 available

    = 2 43093 9044 Yes Yes No accessible release 4

    status = synchronized

    Memory usage

    usedBytes = 664383488

    freeBytes = 368111616

    totalBytes = 1032495104

    Statistics of Summertime

    Start = GMT00:00 03:00 Sunday, March 27, 2011

    end = GMT00:00 01:00 Sunday October 30, 2011

    Statistics of the processor

    Its use in the last 5 seconds = 51

    Its use during the last minute = 44

    Its use in the last 5 minutes = 50

    Memory statistics

    Use of memory (bytes) = 664383488

    Free MEMORY (bytes) = 368111616

    Auto Update Statistics

    lastDirectoryReadAttempt = 08:40 GMT00:00 Thursday, October 27, 2011

    = Reading directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

    = Error: Auto update an exception: failed to connect HTTP [1 111]

    lastDownloadAttempt = n/a

    lastInstallAttempt = n/a

    nextAttempt = GMT00:00 09:28 Thursday, October 27, 2011

    Auxiliary processors installed

    Thank you very much.

    Your error message indicates "HTTP connection failed."

    Can the sensor's management interface access the internet via HTTP?

    Do you have a proxy between the sensor and the internet?

    Can you ping from the sensor to open internet IP addresses (like google.com)?

    -Bob

  • AIP SSM and virtual devices

    I just put in place an AIP SSM module in an ASA 5520 with a single security context.

    Do I need to configure virtual sensors in this case, or can I use the default VS0? The IPS documentation says "You can't change the definition of signature, rules of action event or anomaly detection policies." for the default virtual sensor (VS0), which is the only virtual sensor I have.

    Can someone clarify what this means? Does it somehow restrict the usefulness of the IPS if I do not set up a separate VS?

    Thank you very much.

    A single virtual sensor vs0 is just fine, especially when monitoring only a single security context.

    The statement that you cannot change the signature definition, event action rules or anomaly detection policies can be a little misleading.

    What it is trying to say is that you cannot create new policies such as sig1, rules1 and ad1 and try to apply them to vs0. The default vs0 must use sig0, rules0 and ad0.

    If you have created a new vs1, then you can apply new policies like sig1, rules1 and ad1 to this new vs1.

    This does NOT mean that you cannot make changes to the config in sig0, rules0 and ad0.

    So feel free to make configuration changes to sig0, rules0 and ad0 to fine-tune how your vs0 should handle the traffic.

    It's just the names of the policies that cannot be changed when you use vs0.

  • Error: getAnalysisEngineStatistics:ct - sensorApp.26277 does not

    One of my clients has an IPS-4240-K9 and is facing a problem with the following error

    Output to the statistical-analysis engine

    Error: getAnalysisEngineStatistics: ct - sensorApp.26277 does not, please check the processes in the system - failed to connect to the specified Io::ClientPipe.

    Output to the statistical-anomaly detection

    Error: getAnomalyDetectionStatistics: ct - sensorApp.26277 does not, please check the processes in the system - failed to connect to the specified Io::ClientPipe.

    Analysis engine works very well as you can see under view version

    MainApp to B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running

    AnalysisEngine BE-BEAU_E4_2010_MAR_25_02_09_7_0_2 (Ipsbuild) 2010-03-25T02:11:05-0500 Running

    CollaborationApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running

    CLI B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500

    Please can someone help me analyze the error.

    Look forward to the answer.

    Regards

    I don't think that the problem will be solved by a signature update. But you can give it a shot.

    Thank you.

  • IPS (7.0 (7) E4) on ASA-SSM-10 block DNS without alerts

    Hi all

    I have the IPS module:

    Build version: 1.1 - 7, 0000 E4

    ASA 5500 Series Security Services Module-10

    Update of the signature S652.0 2012-06-20

    Journal of the ASDM inferred events:

    4 June 26, 2012 18:21:47 193.227.240.38 53 IPS 65347 sd-out asked to drop the UDP packet from outside:193.227.240.38/53 to dmz1:sd - outside/65347

    But the IPS produces no alerts, so it does not explain why it is blocking these packets. DNS requests cannot just one network.

    ! ------------------------------

    ! Current configuration last modified Tue Jun 26 18:01:58 2012

    ! ------------------------------

    ! Version 7.0(7)

    ! Host:

    !     Realm Keys          key1.0

    ! Signature Definition:

    !     Signature Update    S652.0   2012-06-20

    ! ------------------------------

    service interface

    exit

    ! ------------------------------

    service authentication

    exit

    ! ------------------------------

    service event-action-rules rules0

    filters edit PROXY

    attacker-address-range 192.168.72.7

    actions-to-remove deny-attacker-inline|deny-packet-inline

    os-relevance relevant|not-relevant|unknown

    exit

    filters edit Q00000

    signature-id-range 5684

    attacker-address-range 95.190.8.0-95.190.8.255

    actions-to-remove deny-attacker-inline|deny-packet-inline

    os-relevance relevant|not-relevant|unknown

    exit

    filters edit Q00001

    signature-id-range 5684

    victim-address-range 95.190.8.0-95.190.8.255

    actions-to-remove deny-attacker-inline|deny-packet-inline

    os-relevance relevant|not-relevant|unknown

    exit

    filters edit USERS

    signature-id-range 1102,5237,2152,5684,2100,5581,3030,6061,3030,11020,5403,5474,20020,60000-60100

    attacker-address-range 192.168.0.0-192.168.255.255

    actions-to-remove deny-attacker-inline|deny-packet-inline

    os-relevance relevant|not-relevant|unknown

    exit

    filters edit USERS2

    signature-id-range 5575-5591,2151,21619,2150-2151

    attacker-address-range 192.168.0.0-192.168.255.255

    victim-address-range 192.168.0.0-192.168.255.255

    actions-to-remove deny-attacker-inline|deny-packet-inline

    os-relevance relevant|not-relevant|unknown

    exit

    filters move PROXY begin

    filters move USERS after PROXY

    filters move Q00000 after USERS

    filters move Q00001 after Q00000

    filters move USERS2 after Q00001

    general

    global-deny-timeout 14400

    exit

    target-value low target-address 192.168.0.0-192.168.255.255

    target-value medium target-address 192.168.1.0-192.168.1.255,192.168.64.0-192.168.64.255,192.168.3.0-192.168.3.49,192.168.65.128-192.168.65.255

    target-value high target-address 192.168.72.2-192.168.72.254,192.168.66.0-192.168.67.255,192.168.2.0-192.168.2.255

    target-value mission-critical target-address 192.168.65.0-192.168.65.127

    os-identification

    calc-arr-for-ip-range 192.168.0.0-192.168.255.255

    exit

    exit

    ! ------------------------------

    service host

    network-settings

    host-ip 192.168.64.194/24,192.168.64.1

    host-name gw1-ips

    telnet-option disabled

    access-list 192.168.0.0/16

    dns-primary-server enabled

    address 192.168.66.2

    exit

    dns-secondary-server enabled

    address 192.168.72.19

    exit

    dns-tertiary-server enabled

    address 192.168.72.20

    exit

    exit

    time-zone-settings

    offset 360

    standard-time-zone-name GMT+06:00

    exit

    ntp-option enabled-ntp-unauthenticated

    ntp-server 192.168.64.1

    exit

    summertime-option disabled

    auto-upgrade

    cisco-server enabled

    schedule-option calendar-schedule

    times-of-day 04:20:00

    days-of-week sunday

    days-of-week tuesday

    days-of-week thursday

    days-of-week saturday

    exit

    user-name dimaonline

    cisco-url https://198.133.219.25/cgi-bin/front.x/ida/locator/locator.pl

    exit

    exit

    exit

    ! ------------------------------

    service logger

    exit

    ! ------------------------------

    service network-access

    general

    enable-acl-logging true

    never-block-networks 192.168.0.0/16

    exit

    exit

    ! ------------------------------

    service signature-definition sig0

    signatures 60000 0

    alert-severity low

    sig-fidelity-rating 50

    sig-description

    sig-name XPress Administrator Service

    sig-string-info Access to Administrator Service

    sig-comment External user open Admin

    sig-creation-date 20120622

    exit

    engine service-http

    max-field-sizes

    specify-max-uri-field-length no

    exit

    regex

    specify-uri-regex yes

    uri-regex [Aa]dministrator[Ss]ervice[.]asmx

    exit

    exit

    service-ports 80

    exit

    event-counter

    event-count 1

    event-count-key Axxx

    specify-alert-interval no

    exit

    alert-frequency

    summary-mode summarize

    summary-interval 15

    summary-key Axxx

    specify-global-summary-threshold no

    exit

    exit

    vulnerable-os windows-nt-2k-xp

    specify-mars-category yes

    mars-category Info/Misc/Login

    exit

    exit

    signatures 60000 1

    alert-severity low

    sig-fidelity-rating 50

    sig-description

    sig-name Xpress Bridge

    sig-string-info Service URL

    sig-comment External Access to bridge

    sig-creation-date 20120625

    exit

    engine service-http

    regex

    specify-uri-regex yes

    uri-regex [Bb]ridge[/][Ss]ervice[.]asmx

    exit

    exit

    service-ports 80

    exit

    event-counter

    event-count 1

    event-count-key Axxx

    specify-alert-interval no

    exit

    alert-frequency

    summary-mode summarize

    summary-interval 15

    summary-key Axxx

    specify-global-summary-threshold no

    exit

    exit

    status

    enabled true

    exit

    specify-mars-category yes

    mars-category Info/Misc/Login

    exit

    exit

    signatures 60001 0

    alert-severity high

    sig-fidelity-rating 90

    sig-description

    sig-name FreePBX Display Extentions

    sig-string-info Acces to Extentions settings

    sig-comment Weak Password Detection

    sig-creation-date 20120622

    exit

    engine service-http

    event-action produce-alert|deny-attacker-inline

    regex

    specify-uri-regex yes

    uri-regex [/]admin[/]config[.]php

    exit

    specify-arg-name-regex yes

    arg-name-regex display

    specify-arg-value-regex yes

    arg-value-regex (extensions)|(trunks)

    exit

    exit

    exit

    service-ports 80

    exit

    event-counter

    event-count 1

    event-count-key Axxx

    specify-alert-interval no

    exit

    alert-frequency

    summary-mode summarize

    summary-interval 15

    summary-key Axxx

    specify-global-summary-threshold no

    exit

    exit

    exit

    exit

    ! ------------------------------

    service ssh-known-hosts

    exit

    ! ------------------------------

    service trusted-certificates

    exit

    ! ------------------------------

    service web-server

    enable-tls false

    port 80

    exit

    ! ------------------------------

    service anomaly-detection ad0

    internal-zone

    enabled true

    ip-address-range 192.168.0.0-192.168.255.255

    tcp

    enabled true

    exit

    udp

    enabled true

    exit

    other

    enabled true

    exit

    exit

    illegal-zone

    enabled false

    tcp

    enabled false

    exit

    udp

    enabled false

    exit

    other

    enabled false

    exit

    exit

    ignore

    source-ip-address-range 192.168.0.0-192.168.255.255

    exit

    exit

    ! ------------------------------

    service external-product-interface

    exit

    ! ------------------------------

    service health-monitor

    signature-update-policy

    enable false

    exit

    license-expiration-policy

    enable false

    exit

    event-retrieval-policy

    enable false

    exit

    exit

    ! ------------------------------

    service global-correlation

    exit

    ! ------------------------------

    service aaa

    exit

    ! ------------------------------

    service analysis-engine

    virtual-sensor vs0

    physical-interface GigabitEthernet0/1

    exit

    exit

    I confirmed with the Ironport team that this IP is a bad host in sensorbase. This is the reason the traffic from this host is being dropped. There could be several reasons for this subnet to be on the list, for example, it could be part of a controlled host known by spammers. You must reach out to the development team for a confirmation however.

  • Too many active services.

    I have a site with very high success rates that is protected by IPS. There have been complaints about some dropped requests, so I went through the IPS event viewer and I found a lot of this:

    evError: eventId = 1321353761353146007 = severity = error Cisco vendor

    Author:

    hostId: xxx

    appName: sensorApp

    appInstanceId: 17803

    time: xxx

    errorMessage: too many active services (2048) in external/tcp. Rejected event for port [random_port_number] name = errUnclassified

    Does anyone know if this connected and when / if the amount of active services can be controlled?

    Additional information:

    Platform: WS-SVC-JOINT-2

    Build version: 7.0 (6) E4

    By-pass: auto

    Any help will be much appreciated.

    Regards

    Mariusz

    To work around the problem, you can disable the feature of anomaly detection.

    Kind regards

    Sawan Gupta

  • Prevent or stop the attack without signature or signature disabled

    Hi IPS Expert,

    Our IPS is always set as signature-based and anomaly detection is not enabled.

    Is there a guideline that you can recommend to stop/prevent an attack that has no signature or whose signature is disabled?

    I understand that if the signature is not enabled, it will also create event or alert.

    This means that we will not have any idea when to stop.

    Kind regards

    Jhun

    Jhun-

    There are several reasons for which a signature can be disabled by default, but usually they are not active for a good reason.

    Signatures have a natural life span: they are created and tuned to detect variants of the initial vulnerability / attack. Later in their lives, once that vulnerability has been mostly fixed or patched, they can be disabled. Once they become old enough to have little use at all, they are retired.

    Another reason a signature can be disabled is that the signature results in a high rate of false positives. If you have someone performing analysis on the events that your IPS generates, you will waste their time and their talent with non-productive events. It is the most common reason that a signature is disabled in an active sensor.

    The last reason you may want a signature (or a family of signatures) disabled is that they do not violate your security policy. If your organization allows peer-to-peer file sharing, then you wouldn't need signatures to stop this activity.

    -Bob

  • Mac Pro 1.1 detects only part of its RAM after kernel panic

    Hello

    My Mac Pro 1.1, 2 x 3.0 GHz quad core, 24 GB RAM, OS X 1.7.5, just had a kernel panic and shut down after being on for 12-plus hours, mostly sitting idle. When I restarted the Mac Pro, it now recognizes only 12 GB of RAM on one riser, and the other riser shows empty. The DIMMs are installed as riser A = 4gb4gb2gb2gb, riser board B = 4gb4gb2gb2gb; all are matched pairs. All the RAM has been installed and functional for 7-8 months without any problem. This is the first time my Mac has ever stopped from a kernel panic by itself, and it never failed to see half of the RAM before; in fact it worked great for quite some time so far. I don't know what is happening and I hope someone can help me get this figured out and find a solution to this problem. Thanks in advance.

    Bill

    You have a RAM failure.

    The Mac Pro features Error Correction Code RAM with hardware support integrated into its Xeon processor. The Mac Pro 1.1 uses FBDIMMs, which get hot and do not have a long life expectancy. Working for 7-8 months does not mean it will work tomorrow.

    The error correction is used aggressively at startup, and all DIMMs found to have errors during the brief Power-On Self Test have their slots declared 'empty'. This isn't an anomaly; these DIMM modules turn out to be BAD.

    If these DIMM modules carry stickers from the seller, you can get them replaced under the seller's warranty.

    The kernel panic you just experienced might be part of the same problem. You can find the report, review it, and post it if you want.

    Mac OS X: how to log a kernel panic - Apple Support

    RAM problems show themselves as machine check kernel panics, often detected by more than one processor at a time.

  • Yoga 2 pro falsely detects connected headphones

    Hey

    My Yoga 2 Pro, with which I am otherwise satisfied, if not delighted, has a problem with the audio input jack. At startup, it falsely detects that headphones are plugged in, which leaves me with no sound from the speakers. I tried updating to more recent drivers, but it does not help.

    I'll be grateful for any help, thank you

    To me it looks more like an anomaly of the electric circuit than a driver problem. I believe that this case should be handled through the standard product warranty if your Yoga 2 is still covered by a warranty.

  • Fake call Tx detected with 160 seconds timeout

    I just upgraded ESXi hosts to 6 5.5U2 8. 0 b (2809209).  The first host I upgraded (a Dell R910) was fine for about a week and then died in the middle of the night Sunday night.  I came in to find it hung: I couldn't SSH to it, it did not respond on the console and was shown as disconnected in vCenter, and all virtual machines on it had HA'ed to other hosts.  I had to power it off through iDRAC and it came back up fine.  The syslog feature stopped 9 minutes before the events in vCenter showing it going down, so I couldn't check the log to see what happened before it went down.  I chalked it up to an anomaly and put it back into production.  Less than 24 hours later, I woke to pages from our monitoring system about virtual machines on the same host.  These virtual machines were inaccessible.  The host was still responsive and marked as up in vCenter.  I could not open consoles for any of the virtual machines on this host.  I was able to SSH into the host and this was in the vmkernel.log:

    (2015 08-11 T 11: 14:52.338Z cpu23:33245) < 6 > 0000:41:00.0 ixgbe: vmnic4: hang Fake Tx detected with 160 seconds timeout

    (2015 08-11 T 11: 14:53.340Z cpu23:33256) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic5: transmit timed out

    (2015 08-11 T 11: 14:53.340Z cpu23:33256) < 6 > ixgbe 0000:41:00.1: vmnic5: hang Fake Tx detected with 160 seconds timeout

    (2015 08-11 T 11: 14:53.340Z cpu23:33256) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic4: transmit timed out

    (2015 08-11 T 11: 14:53.340Z cpu23:33256) < 6 > 0000:41:00.0 ixgbe: vmnic4: hang Fake Tx detected with 160 seconds timeout

    (2015 08-11 T 11: 14:54.342Z cpu19:33251) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic5: transmit timed out

    (2015 08-11 T 11: 14:54.342Z cpu19:33251) < 6 > ixgbe 0000:41:00.1: vmnic5: hang Fake Tx detected with 160 seconds timeout

    (2015 08-11 T 11: 14:54.342Z cpu19:33251) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic4: transmit timed out

    (2015 08-11 T 11: 14:54.342Z cpu19:33251) < 6 > 0000:41:00.0 ixgbe: vmnic4: hang Fake Tx detected with 160 seconds timeout

    These repeated again and again many times per second.  The host locked again shortly after and had to be restarted to force the VMs system HA to other hosts.

    The vmnic4 and vmnic5 are ports on the same Intel NETWORK adapter X 520-2 (two ports), Intel, not the re-brand of Dell version version.  We have two of these network adapters in each host with the ports of the other card of the NETWORK being vmnic6 and vmnic7.  vmnic4 and vmnic6 go to our network local, vmnic5 and 7 go to our iSCSI network.  These cards use the IGB driver (ethtool reports 3.21.6iov * last * with firmware version 0x61c10001).  TSO and LRO are off due to problems that we already had.  I spent yesterday upgrading all the firmware on the host of problem but the Intel X 520 - 2 does not appear to be newer firmware that I can find, even if Dell seems to have a version for it which does not apply to these network cards Intel version.

    The host of problem is currently in production with a very low charge on it for more than 24 hours so far and I am increasing the load on a regular basis to see if it eventually bombs again.

    Googling "Fake Tx crash detected" results in a lot of older hits, mostly from the Linux IGB problems associated with pilots.  Nothing to really related to VMware.  And nothing that seems relevant.

    Any ideas?  Find it me hard to believe that the NIC itself suddenly has gone wrong that this host has been with us for years without problems until we went to 6. 0b.  I have an another R910 which was bought at the same time that I'm tired of the upgrade that I can't have two hosts having problems it would cause problems of capacity within our cluster.

    Say that there is no work around and the only solution was to go down to 5.5U2 when I opened a SR with VMware, I discovered other ways there is a workaround script that seems to change the management of interruptions of CPU from automatic to manual, which is supposed to be the cause of this problem.  Why VMware is distributing this script to some people and not others that I don't know, I hope it was just the tech who worked my case not having is no knowledge of the script of the workaround at the time said.

    EDIT: I should add that since the purpose of this script to our guests, we have not seen the problem still happen when I had three accidents in the first week.  /knockonwood

  • MBP: monitor detected but no image except by VGA

    I have a MBP of Mid 2012 running latest El Capitan.

    When I connect to an external monitor, it is detected correctly in views (exact name, resolution, etc.), but the monitor doesn't detect any image from the portable computer. I tried the DVI - D and DisplayPort with various cables and monitors with the same result, but a picture appears if I connect to VGA. It started in the past week.

    The built-in display does not work normally.

    Looks like a hardware failure in the computer DisplayPort connector laptop, as the pins are worn or something?

    Any other ideas?

    Hi johngirvin,

    Thank you for using communities Support from Apple. Sorry to hear that you had these display problems with your MacBook Pro. Looks like you've been on the right track trying to solve this problem. If you continue to have problems, you can find the additional steps described in the following article useful, up to and including contacting Apple Support if necessary:

    Get help with graphical problems on the external displays connected to your Mac - Apple Support

    Regards

  • Time Machine (on Mac) does not detect the airport Time Capsule

    Originally posted on the page of the airport, but seems to be the better question for this group. Sorry for the double post

    Looking for advice on how to get the Time Machine utility for access to my Time Capsule. I use an iMac in late 2012 with MAC OS 10.12 TimeCapsule is 2015 7.7.7 running latest firmware. Airport utility is the latest firmware 6.3.7.

    When I run the application Time Machine, Time Capsule is not detected. I tried the two WiFi and with cables connected Ethernet (not tried USB yet) and my Time Capsule doesn't have a lightning bolt or firewire ports.

    Open Airport utility & see the airport time capsule. I can see all connected devices, including the MAC, but no prompt activation Time Machine on the Time Capsule.

    I recently used TM on this iMac with a G-Technology drive. It auto detects the time machine and executes a back up. But airport Time Capsule will not.

    Any suggestions?

    Sierra has been problematic with the TC.

    1. make sure you don't have any charge virus protection software. In fact, I would say that disable all software 3rd part at the moment.

    2. make sure that you can actually write to disk of TC.

    Attach the TC disc in the finder and copy a file on disk, you can delete it later... It's just to ensure that you have full write permission. If it does not for the most part, you won't be able to use Time Machine... If you can then try TM immediately...

    Just to be clear, the TC is a network device. You have tested with ethernet and wireless... Ok.. They are only suitable methods. You cannot use USB. And clearly, TC has never had nor will never be ports Firewire or lightning.

    3. no chance that a reset complete TC. This will not delete the files on the hard drive, but you must make sure that the device is configured on the current computer.

    4. There are many positions in these days... read through them and do some research. Sierra is a bleeding edge new... So wait you to spend a lot of the precious liquid if you choose to be an early adopt.

    Let us understand your current network configuration with the Time Capsule (TC). Is the TC the only router on your network? What is the make and model of the Internet modem it is directly connected to by Ethernet?

    Do you normally use a wired or wireless connection between the iMac and the TC? Has this always been a problem, or did it just start happening? If it just started, have you changed any software/firmware on the iMac or TC?

  • Thunderbolt display is no longer detected

    I have a late 2013 MacBook Pro and a 27-inch Thunderbolt Display, bought in September 2014. I have used the display without problems since then. But today the display is no longer detected. I had the MacBook disconnected from the display, which had been briefly disconnected from the mains. (It was a scheduled power outage, as it happens, but I don't see how that makes a difference.)

    Now, when I connect the display, the power lead part works fine but the screen does not light up. Looking in the System Report, the Thunderbolt Bus shows two ports, both with "No device connected". I have a Thunderbolt Ethernet adapter, and that shows up.

    I tried all the usual troubleshooting steps: disconnected the power for a few minutes, reset the NVRAM, reset the SMC. I ran Apple Diagnostics on the MacBook: all very good. I don't know what I can do. The Thunderbolt connector is slightly warm to the touch, which I think is always the case.

    Does anyone have any other ideas, please?

    Hey donnysp,

    If I understand correctly, the external Thunderbolt display is not recognized by your MacBook Pro. It looks like you have already done some troubleshooting. I recommend you read this article; it may be able to help solve the problem.

    Check the connections on your Mac and external displays:

    • If you use an Apple laptop computer, try connecting its AC adapter.
    • Make sure that the power cable from the external display is connected correctly and that your display is turned on.
    • If you are using a Mac Pro (Late 2013), make sure that your displays are plugged into the right ports.
    • If you use a display hub, switchbox, or "KVM", try connecting the video cable from your display directly to your Mac instead.
    • Unplug the video cable where it plugs into your Mac, then plug it back in to reseat the connection.
    • If you are using a video adapter, unplug the video adapter from your Mac, then plug it back in to reseat the connection.
    • If you use multiple video adapters to connect your display (the adapters are "chained"), test connecting the display using a single adapter if possible. Some video adapters cannot be linked together. For example, a Mini DisplayPort to DVI adapter cannot be connected to a DVI to HDMI adapter.
    • If your display has more than one video connection, see if using another connection on the display works. If possible, check whether using a different display or a different adapter works.
    • Try using another cable that you know to be in working condition. Check with the manufacturer of the display to make sure that you are using the cable they recommend.

    Get help with graphical problems on external displays connected to your Mac.

    Thank you for using Apple Support Communities. Have a good.
