Anomaly detection
Guys,
I need to create my Ko because the current is very very old (09:59:59 GMT-06:00 killed Sep 22 2009) when I try to record manually with the command
vs0 anomaly detection record MYKB I get an error that says: ongoing attack
I need to create a new KB and load Méthot rotation does not work because the last KB is very old. I thisk it doesn't work because there's ALWAYS an attack.
Can I save a load a KB file manually even if there is an attack in progress?
If not, how can I solve my problem
Thank you
CPSC DiegoCR
Hi Diego
You can fix this by:
- Enable detection of anomaly (operational-idle mode)
- Delete/copy/load the necessary files and start the anomaly detection or preferably put the sensor in learning accept mode (see operating mode) and wait 24 hours.
BR
Johan Kellerman
Tags: Cisco Security
Similar Questions
-
Syntax/options of anomaly detection
I want to configure detection of anomalies on my IPS, but was a little confused about the syntax for the areas.
It looks like I can configure the service/inner box
172.25.13.1 - 172.25.13.254, 172.25.20.1 - 172.25.13.254
What happens if I want to make a very general internal zone (because I have a lot of subnets). I would do something like that?
172.25.1.1 - 172.25.255.255
I want to define mcuh pretty all-in-172.25.0.0 16 as an intern, but not sure of the syntax here
Hello
You can use the syntax:
172.25.0.0 - 172.25.255.255
The default values for most parameters show by starting with a network address and ending with the addresses of distribution for networks.
"Please note useful posts.
-
Failed to update of the signing of the AIP-SSM-10
I hope someone can help me, I am unable to get the signature autoupdate working on our ASA 5510 IPS. We have a valid support contract, our user name does not include and special characters, and I am able to download the files of signature on the site by using our BCC.
When trying to get through Auto/cisco.com update if I get the following in the event logs each attempt update:
evError: eventId = 1319467413849005289 = severity = error Cisco vendor
Author:
hostId: xxxx
appName: mainApp
appInstanceId: 354
time: October 26, 2011 11:40:01 UTC offset = 60 timeZone = GMT00:00
errorMessage: AutoUpdate exception: failed to connect HTTP [1 111] name = errSystemError
I've included a conf 'show' and a 'facilitator stat"below.
See the XXXXXX conf #.
! ------------------------------
! Current configuration last modified Wed Oct 26 10:48:07 2011
! ------------------------------
! Version 7.0 (6)
! Host:
! Domain keys key1.0
! Definition of signature:
! Update of the signature S604.0 2011-10-20
! ------------------------------
service interface
output
! ------------------------------
authentication service
output
! ------------------------------
rules0 rules for event-action service
output
! ------------------------------
service host
the network settings
Host-ip 10.x.x.x/24,10.x.x.x
hostname xxxxxx
Telnet-option turned off
access-list 10.x.x.x/32
access-list 10.x.x.x/16
access-list 10.x.x.x/32
primary-active DNS server
address 10.x.x.x
output
secondary-server DNS disabled
tertiary-disabled DNS server
output
time zone settings
offset 0
standard time-zone-name-GMT00:00
output
NTP-option enabled-ntp-no authenticated
Server NTP 10.x.x.x
output
Summertime-recurring option
Summertime-zone-name GMT00:00
Start-summertime
last week of the month
output
end-summertime
month October
last week of the month
output
end-summertime
month October
last week of the month
output
output
automatic update
Cisco-Server enabled
scheduling periodic-calendar option
beginning 00:40:00
interval 1
output
username xxxxxxxxxxxxxxx
Cisco-url https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
output
output
output
! ------------------------------
service recorder
output
! ------------------------------
network access service
output
! ------------------------------
notification services
output
! ------------------------------
Service signature-definition sig0
output
! ------------------------------
Service ssh-known-hosts
output
! ------------------------------
trust-certificates of service
output
! ------------------------------
web-server service
output
! ------------------------------
Service-ad0 anomaly detection
output
! ------------------------------
service interface external product
output
! ------------------------------
health-monitor service
output
! ------------------------------
service global correlation
output
! ------------------------------
aaa service
output
! ------------------------------
service-analysis engine
vs0 virtual sensor
Physics-interface GigabitEthernet0/1
output
output
XXXXXX # host stat
General statistics
Last updated to host Config (UTC) = 27 October 2011 08:27:10
Control device control Port = GigabitEthernet0/0
Network statistics
= ge0_0 link encap HWaddr 00:12:D9:48:F7:44
= inet addr:10.x.x.x Bcast:10.x.x.x.x mask: 255.255.255.0
= RUNNING UP BROADCAST MULTICAST MTU:1500 metric: 1
= Dropped packets: 470106 RX errors: 0:0 overruns: 0 frame: 0
= Dropped packets: 139322 TX errors: 0:0 overruns: 0 carrier: 0
= collisions: 0 txqueuelen:1000
= RX bytes: 40821181 (38.9 MiB) TX bytes: 102615325 (97.8 MiB)
= Address: 0xbc00 memory: f8200000 of base-f8220000
NTP statistics
= distance refid st t when poll reach delay offset jitter
= * time.xxxx.x 195.x.x.x 3 u 142 1024 377 1, 825 - 0.626 0.305
= L LOCAL (0) LOCAL (0) 15 59 64 377 0.000 0.000 0.001
= ind assID status conf scope auth condition last_event cnt
= 1 43092 b644 Yes Yes No sys.peer 4 available
= 2 43093 9044 Yes Yes No accessible release 4
status = synchronized
Memory usage
usedBytes = 664383488
freeBytes = 368111616
totalBytes = 1032495104
Statistics of Summertime
Start = GMT00:00 03:00 Sunday, March 27, 2011
end = GMT00:00 01:00 Sunday October 30, 2011
Statistics of the processor
Its use in the last 5 seconds = 51
Its use during the last minute = 44
Its use in the last 5 minutes = 50
Memory statistics
Use of memory (bytes) = 664383488
Free MEMORY (bytes) = 368111616
Auto Update Statistics
lastDirectoryReadAttempt = 08:40 GMT00:00 Thursday, October 27, 2011
= Reading directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
= Error: Auto update an exception: failed to connect HTTP [1 111]
lastDownloadAttempt = n/a
lastInstallAttempt = n/a
nextAttempt = GMT00:00 09:28 Thursday, October 27, 2011
Auxiliary processors installed
Thank you very much.
Your error message indicates "HTTP connection failed."
Management interface you can access the internet via HTTP sensor?
You have a proxy between the sensor and the internet?
Can you ping the sensor to open internet IP addresses (like google.com)?
-Bob
-
I just put in place a module AIP SSM in an ASA 5520 with a unique security context.
Do I need to configure virtual devices in this case? or I can use the VS0 default? In the documentation of the IPS, he says "You can't change the definition of signature, rules of action event or anomaly detection policies." for the default virtual sensor (VS0), which is the only virtual sensore I.
Can someone clarify what this means? It somehow restrict the usefulness of the IPS if I do not set up a separate VS?
Thank you very much.
A single sensor vs0 virual is very good, especially when only a single surveillance security context.
The statement do not change the definition of signature, event actions or policies of anomaly detection rules can be a little misleading.
What he's trying to say, is that you cannot create ad1, regles1, and any new polcies sig1 and try to apply them to vs0. The vs0 default must use sig0, rules0 and ad0.
If you have created a new vs1, then you can apply the new policies like sig1 and regles1 ad1 to this new vs1.
This does NOT mean that you cannot make changes to config in sig0, rules0 and ad0.
So feel free to make configuration changes to sig0, rules0 and ad0 to fine-tune how your vs0 should handle the traffic.
It's just the names of politicians who cannot be changed when you use vs0.
-
Error: getAnalysisEngineStatistics:ct - sensorApp.26277 does not
One of my clients has IPS-4240-K9 and facing problem with the follwing error
Output to the statistical-analysis engine
Error: getAnalysisEngineStatistics: ct - sensorApp.26277 does not, please check the processes in the system - failed to connect to the specified Io::ClientPipe.
Output to the statistical-anomaly detection
Error: getAnomalyDetectionStatistics: ct - sensorApp.26277 does not, please check the processes in the system - failed to connect to the specified Io::ClientPipe.
Analysis engine works very well as you can see under view version
MainApp to B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10 - 15 T 08: 09:06 - 0500 Running
AnalysisEngine BE-BEAU_E4_2010_MAR_25_02_09_7_0_2 (Ipsbuild) 2010-03 - 25 T 02: 11:05 - 0500 Running
CollaborationApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10 - 15 T 08: 09:06 - 0500 Running
CLI B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10 - 15 T 08: 09:06 - 0500
Please can someone help me to the analysis of the error.
Look forward to the answer.
Regards
I don't think that the problem will be solved by a signature update. But you can give it a shot.
Thank you.
-
IPS (7.0 (7) E4) on ASA-SSM-10 block DNS without alerts
Hi all
I have the IPS module:
Build version: 1.1 - 7, 0000 E4
ASA 5500 Series Security Services Module-10
Update of the signature S652.0 2012-06-20
Journal of the ASDM inferred events:
4 June 26, 2012 18:21:47 193.227.240.38 53 IPS 65347 sd-out asked to drop the UDP packet from outside:193.227.240.38/53 to dmz1:sd - outside/65347
But the IPS not deducted from alerts - it does not explain why blocking these packets. DNS requests cannot just one network.
! ------------------------------
! Current configuration last modified Tue Jun 26 18:01:58 2012
! ------------------------------
! Version 7.0(7)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S652.0 2012-06-20
! ------------------------------
service interface
exit
! ------------------------------
service authentication
exit
! ------------------------------
service event-action-rules rules0
filters edit PROXY
attacker-address-range 192.168.72.7
actions-to-remove deny-attacker-inline|deny-packet-inline
os-relevance relevant|not-relevant|unknown
exit
filters edit Q00000
signature-id-range 5684
attacker-address-range 95.190.8.0-95.190.8.255
actions-to-remove deny-attacker-inline|deny-packet-inline
os-relevance relevant|not-relevant|unknown
exit
filters edit Q00001
signature-id-range 5684
victim-address-range 95.190.8.0-95.190.8.255
actions-to-remove deny-attacker-inline|deny-packet-inline
os-relevance relevant|not-relevant|unknown
exit
filters edit USERS
signature-id-range 1102,5237,2152,5684,2100,5581,3030,6061,3030,11020,5403,5474,20020,60000-60100
attacker-address-range 192.168.0.0-192.168.255.255
actions-to-remove deny-attacker-inline|deny-packet-inline
os-relevance relevant|not-relevant|unknown
exit
filters edit USERS2
signature-id-range 5575-5591,2151,21619,2150-2151
attacker-address-range 192.168.0.0-192.168.255.255
victim-address-range 192.168.0.0-192.168.255.255
actions-to-remove deny-attacker-inline|deny-packet-inline
os-relevance relevant|not-relevant|unknown
exit
filters move PROXY begin
filters move USERS after PROXY
filters move Q00000 after USERS
filters move Q00001 after Q00000
filters move USERS2 after Q00001
general
global-deny-timeout 14400
exit
target-value low target-address 192.168.0.0-192.168.255.255
target-value medium target-address 192.168.1.0-192.168.1.255,192.168.64.0-192.168.64.255,192.168.3.0-192.168.3.49,192.168.65.128-192.168.65.255
target-value high target-address 192.168.72.2-192.168.72.254,192.168.66.0-192.168.67.255,192.168.2.0-192.168.2.255
target-value mission-critical target-address 192.168.65.0-192.168.65.127
os-identification
calc-arr-for-ip-range 192.168.0.0-192.168.255.255
exit
exit
! ------------------------------
service host
network-settings
host-ip 192.168.64.194/24,192.168.64.1
host-name gw1-ips
telnet-option disabled
access-list 192.168.0.0/16
dns-primary-server enabled
address 192.168.66.2
exit
dns-secondary-server enabled
address 192.168.72.19
exit
dns-tertiary-server enabled
address 192.168.72.20
exit
exit
time-zone-settings
offset 360
standard-time-zone-name GMT+06:00
exit
ntp-option enabled-ntp-unauthenticated
ntp-server 192.168.64.1
exit
summertime-option disabled
auto-upgrade
cisco-server enabled
schedule-option calendar-schedule
times-of-day 04:20:00
days-of-week sunday
days-of-week tuesday
days-of-week thursday
days-of-week saturday
exit
user-name dimaonline
cisco-url https://198.133.219.25/cgi-bin/front.x/ida/locator/locator.pl
exit
exit
exit
! ------------------------------
service logger
exit
! ------------------------------
service network-access
general
enable-acl-logging true
never-block-networks 192.168.0.0/16
exit
exit
! ------------------------------
service signature-definition sig0
signatures 60000 0
alert-severity low
sig-fidelity-rating 50
sig-description
sig-name XPress Administrator Service
sig-string-info Access to Administrator Service
sig-comment External user open Admin
sig-creation-date 20120622
exit
engine service-http
max-field-sizes
specify-max-uri-field-length no
exit
regex
specify-uri-regex yes
uri-regex [Aa]dministrator[Ss]ervice[.]asmx
exit
exit
service-ports 80
exit
event-counter
event-count 1
event-count-key Axxx
specify-alert-interval no
exit
alert-frequency
summary-mode summarize
summary-interval 15
summary-key Axxx
specify-global-summary-threshold no
exit
exit
vulnerable-os windows-nt-2k-xp
specify-mars-category yes
mars-category Info/Misc/Login
exit
exit
signatures 60000 1
alert-severity low
sig-fidelity-rating 50
sig-description
sig-name Xpress Bridge
sig-string-info Service URL
sig-comment External Access to bridge
sig-creation-date 20120625
exit
engine service-http
regex
specify-uri-regex yes
uri-regex [Bb]ridge[/][Ss]ervice[.]asmx
exit
exit
service-ports 80
exit
event-counter
event-count 1
event-count-key Axxx
specify-alert-interval no
exit
alert-frequency
summary-mode summarize
summary-interval 15
summary-key Axxx
specify-global-summary-threshold no
exit
exit
status
enabled true
exit
specify-mars-category yes
mars-category Info/Misc/Login
exit
exit
signatures 60001 0
alert-severity high
sig-fidelity-rating 90
sig-description
sig-name FreePBX Display Extentions
sig-string-info Acces to Extentions settings
sig-comment Weak Password Detection
sig-creation-date 20120622
exit
engine service-http
event-action produce-alert|deny-attacker-inline
regex
specify-uri-regex yes
uri-regex [/]admin[/]config[.]php
exit
specify-arg-name-regex yes
arg-name-regex display
specify-arg-value-regex yes
arg-value-regex (extensions)|(trunks)
exit
exit
exit
service-ports 80
exit
event-counter
event-count 1
event-count-key Axxx
specify-alert-interval no
exit
alert-frequency
summary-mode summarize
summary-interval 15
summary-key Axxx
specify-global-summary-threshold no
exit
exit
exit
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
enable-tls false
port 80
exit
! ------------------------------
service anomaly-detection ad0
internal-zone
enabled true
ip-address-range 192.168.0.0-192.168.255.255
tcp
enabled true
exit
udp
enabled true
exit
other
enabled true
exit
exit
illegal-zone
enabled false
tcp
enabled false
exit
udp
enabled false
exit
other
enabled false
exit
exit
ignore
source-ip-address-range 192.168.0.0-192.168.255.255
exit
exit
! ------------------------------
service external-product-interface
exit
! ------------------------------
service health-monitor
signature-update-policy
enable false
exit
license-expiration-policy
enable false
exit
event-retrieval-policy
enable false
exit
exit
! ------------------------------
service global-correlation
exit
! ------------------------------
service aaa
exit
! ------------------------------
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit
I confirmed with the Ironport team that this IP is a bad host in sensorbase. This is the reason for the traffic of this host being removed. There could be several reasons for this subnet to the list, for example, it could be part of a controlled host known by spammers. You must reach out to the development team for a confirmation however.
-
Too many active services.
I have a site with very high success rates that are protected by IPS. There have been complains some deleted request so I went through the IPS event viewer and I found a lot of this:
evError: eventId = 1321353761353146007 = severity = error Cisco vendor
Author:
hostId: xxx
appName: sensorApp
appInstanceId: 17803
time: xxx
errorMessage: too many assets services (2048) in external/tcp. Rejected event for port [random_port_number] name = errUnclassified
Does anyone know if this connected and when / if the amount of active services can be controlled?
Additional information:
Platform: WS-SVC-JOINT-2
Build version: 7.0 (6) E4
By-pass: auto
Any help will be much appreciated.
Concerning
Mariusz
To work around the problem, you can disable the feature of anomaly detection.
Kind regards
Sawan Gupta
-
Prevent or stop the attack without signature or signature disabled
Hi IPS Expert,.
Our IPS is always set as based signature and anomaly detection is not enabled.
Is there a guideline that you can recommend to stop/prevent the attack without signature or signature is disabled.
I understand that if the signature is not enabled, it will also create event or alert.
This means that we will not have any idea when to stop.
Kind regards
Jhun
Jhun-
There are several reasons for which a signature can be disabled by default, but usually they are not active for a good reason.
Signatures have a natural life span, they are created, tuned to detect variants of the vulnerability / initial attack. Later in their lives, once that vulnerability has been mostly fixed or patched, they can be disabled. Once they become rather old to have little use for all they retired.
Other reasons a signature can be disabled, but that signature translates into a high rate of false positives. If you have someone perform analysis on the events that generates your IPS, you will waste their time and their talent with no productive events. It is the most common reason that a signature is disabled in an active sensor.
The last reason, maybe you want a signature (or a family of signatures) disabled, it is that they do not violate security policy you. If your organization allows peer-to-peer file sharing they that you wouldn't need signatures to stop this activity.
-Bob
-
RAM Mac pro 1.1 detects only not all after kernel panic
Hello
my mac pro 1.1, 2 x 3.0 Ghz quad core, ram 24 GB os x 1.7.5 just had a kernel panic and stop, after being on for 12 plus hours for most sitting idle. When I restarted the mac pro, now he is grateful only 12 GB of ram on a lift and another elevator shows empty, the DIMMs are installed in mounting a 4gb4gb2gb 2 GB, riser board b = 4gb4gb2gb2gb =, are all matched pairs. all the ram has been installed and functional for the 7-8 months without any problem. This is the first time my mac has never stop from a kernel by itself, panic and he never failed to see half of the ram before, in fact it worked great for quite some time so far. I don't know what is happening and I hope someone can help me get this figured out and find a solution to this problem, thanks in advance.
Bill
You have a RAM failure.
The Mac Pro features help Error correction Code RAM with hardware integrated with its Xeon processor. The Mac Pro 1.1 uses FBDIMM who get hot and do not have a long life expectancy. Work for 7-8 months does not work tomorrow.
The error correction is used aggressively at the start, and all DIMM found to have errors during the Power-On Self Test brief execution have their slots declared 'empty '. This isn't an anomaly, these modules DIMM turns out to be BAD.
If these modules DIMM is stickers from the seller, you can get replaced them under warranty of the seller.
The kernel panic, you met just might be part of the same problem. You can find the report and review it and post it if you want.
Mac OS X: how to connect to a kernel - Support Apple panic
RAM problems show themselves as control panic machine, nucleus, often detected by more than one processor at a time.
-
Yoga 2 pro falsely detects connected headphones
Hey
My Yoga pro 2 will come I am satisfied, if not delightfully has a problem with the audio input jack. At startup, it falsely detects that headphones are plugged, which leaves me with no sound in speakers. I tried to update drivers more recent, but it does not help.
I'll be grateful for any help, thank you
To me it looks more like the anomaly of the electric circuit as a driver problem. I believe that this case should enter through the standard product warranty if your Yoga 2 is still covered by a warranty.
-
Fake call Tx detected with 160 seconds timeout
I just upgraded ESXi hosts to 6 5.5U2 8. 0 b (2809209). The first host I have improved (a Dell R910) is fine for about a week and then died in the middle of the night Sunday night. Came to him hung up, couldn't SSH to it, does not respond on the console and was shown as disconnected in vCenter, all virtual machines on it had HA'ed to other hosts. Should be able to turn off that through iDrac and he came fine. The syslog feature stopped 9 minutes before the events in vCenter showing he's going down, so I couldn't check the newspaper to see what happened before he went down. Writing chalked up an anomaly and put back into production. Less than 24 hours later, woke to pages of our monitoring system of virtual machines on the same host. These virtual machines are inaccessible. The host was always sensitive and marked as upward in vCenter. Cannot open consoles for any of the virtual machines on this host. Was able to SSH in the host and it was in the vmkernel.log:
(2015 08-11 T 11: 14:52.338Z cpu23:33245) < 6 > 0000:41:00.0 ixgbe: vmnic4: hang Fake Tx detected with 160 seconds timeout
(2015 08-11 T 11: 14:53.340Z cpu23:33256) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic5: transmit timed out
(2015 08-11 T 11: 14:53.340Z cpu23:33256) < 6 > ixgbe 0000:41:00.1: vmnic5: hang Fake Tx detected with 160 seconds timeout
(2015 08-11 T 11: 14:53.340Z cpu23:33256) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic4: transmit timed out
(2015 08-11 T 11: 14:53.340Z cpu23:33256) < 6 > 0000:41:00.0 ixgbe: vmnic4: hang Fake Tx detected with 160 seconds timeout
(2015 08-11 T 11: 14:54.342Z cpu19:33251) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic5: transmit timed out
(2015 08-11 T 11: 14:54.342Z cpu19:33251) < 6 > ixgbe 0000:41:00.1: vmnic5: hang Fake Tx detected with 160 seconds timeout
(2015 08-11 T 11: 14:54.342Z cpu19:33251) WARNING: Linnet: netdev_watchdog:3678: NETDEV WATCHDOG: vmnic4: transmit timed out
(2015 08-11 T 11: 14:54.342Z cpu19:33251) < 6 > 0000:41:00.0 ixgbe: vmnic4: hang Fake Tx detected with 160 seconds timeout
These repeated again and again many times per second. The host locked again shortly after and had to be restarted to force the VMs system HA to other hosts.
The vmnic4 and vmnic5 are ports on the same Intel NETWORK adapter X 520-2 (two ports), Intel, not the re-brand of Dell version version. We have two of these network adapters in each host with the ports of the other card of the NETWORK being vmnic6 and vmnic7. vmnic4 and vmnic6 go to our network local, vmnic5 and 7 go to our iSCSI network. These cards use the IGB driver (ethtool reports 3.21.6iov * last * with firmware version 0x61c10001). TSO and LRO are off due to problems that we already had. I spent yesterday upgrading all the firmware on the host of problem but the Intel X 520 - 2 does not appear to be newer firmware that I can find, even if Dell seems to have a version for it which does not apply to these network cards Intel version.
The host of problem is currently in production with a very low charge on it for more than 24 hours so far and I am increasing the load on a regular basis to see if it eventually bombs again.
Googling "Fake Tx crash detected" results in a lot of older hits, mostly from the Linux IGB problems associated with pilots. Nothing to really related to VMware. And nothing that seems relevant.
Any ideas? Find it me hard to believe that the NIC itself suddenly has gone wrong that this host has been with us for years without problems until we went to 6. 0b. I have an another R910 which was bought at the same time that I'm tired of the upgrade that I can't have two hosts having problems it would cause problems of capacity within our cluster.
Say that there is no work around and the only solution was to go down to 5.5U2 when I opened a SR with VMware, I discovered other ways there is a workaround script that seems to change the management of interruptions of CPU from automatic to manual, which is supposed to be the cause of this problem. Why VMware is distributing this script to some people and not others that I don't know, I hope it was just the tech who worked my case not having is no knowledge of the script of the workaround at the time said.
EDIT: I should add that since the purpose of this script to our guests, we have not seen the problem still happen when I had three accidents in the first week. /knockonwood
-
MBP: monitor detected but no image except by VGA
I have a MBP of Mid 2012 running latest El Capitan.
When I connect to an external monitor, it is detected correctly in views (exact name, resolution, etc.), but the monitor doesn't detect any image from the portable computer. I tried the DVI - D and DisplayPort with various cables and monitors with the same result, but a picture appears if I connect to VGA. It started in the past week.
The built-in display does not work normally.
Looks like a hardware failure in the computer DisplayPort connector laptop, as the pins are worn or something?
Any other ideas?
Hi johngirvin,
Thank you for using communities Support from Apple. Sorry to hear that you had these display problems with your MacBook Pro. Looks like you've been on the right track trying to solve this problem. If you continue to have problems, you can find the additional steps described in the following article useful, up to and including contacting Apple Support if necessary:
Get help with graphical problems on the external displays connected to your Mac - Apple Support
Concerning
-
Time Machine (on Mac) does not detect the airport Time Capsule
Originally posted on the page of the airport, but seems to be the better question for this group. Sorry for the double post
Looking for advice on how to get the Time Machine utility for access to my Time Capsule. I use an iMac in late 2012 with MAC OS 10.12 TimeCapsule is 2015 7.7.7 running latest firmware. Airport utility is the latest firmware 6.3.7.
When I run the application Time Machine, Time Capsule is not detected. I tried the two WiFi and with cables connected Ethernet (not tried USB yet) and my Time Capsule doesn't have a lightning bolt or firewire ports.
Open Airport utility & see the airport time capsule. I can see all connected devices, including the MAC, but no prompt activation Time Machine on the Time Capsule.
I recently used TM on this iMac with a G-Technology drive. It auto detects the time machine and executes a back up. But airport Time Capsule will not.
Any suggestions?
Sierra has been problematic with the TC.
1. make sure you don't have any charge virus protection software. In fact, I would say that disable all software 3rd part at the moment.
2. make sure that you can actually write to disk of TC.
Attach the TC disc in the finder and copy a file on disk, you can delete it later... It's just to ensure that you have full write permission. If it does not for the most part, you won't be able to use Time Machine... If you can then try TM immediately...
Just to be clear, the TC is a network device. You have tested with ethernet and wireless... Ok.. They are only suitable methods. You cannot use USB. And clearly, TC has never had nor will never be ports Firewire or lightning.
3. no chance that a reset complete TC. This will not delete the files on the hard drive, but you must make sure that the device is configured on the current computer.
4. There are many positions in these days... read through them and do some research. Sierra is a bleeding edge new... So wait you to spend a lot of the precious liquid if you choose to be an early adopt.
-
Time Machine doesn't detect Time Capsule
Looking for advice on how to get the Time Machine utility for access to my Time Capsule. I use an iMac in late 2012 with MAC OS 10.12 TimeCapsule is 2015 7.7.7 running latest firmware. Airport utility is the latest firmware 6.3.7.
When I run the application Time Machine, Time Capsule is not detected. I tried the two WiFi and with cables connected Ethernet (not tried USB yet) and my Time Capsule doesn't have a lightning bolt or firewire ports.
Open Airport utility & see the airport time capsule. I can see all connected devices, including the MAC, but no prompt activation Time Machine on the Time Capsule.
I recently used TM on this iMac with a G-Technology drive. It auto detects the time machine and executes a back up. But airport Time Capsule will not.
Any suggestions?
We understand your current configuration of the network with the Time Capsule (TC). Is the TC the only router on your network? What is the brand and model of the modem Internet you have directly linked it by Ethernet?
Normally you use a wired connection or wireless between the iMac and the TC? This always was a problem or just started to happen? If she just started, have you changed any software/firmware on the iMac or TC?
-
Thunderbolt display is no longer detected
I have a late 2013, MacBook Pro and a 27 inch Thunderbolt display, bought in September 2014. I use the screen without problems since then. But today the display is no longer detected. I got the MacBook disconnected from the screen, which has been briefly disconnected from the sector. (It was a power outage scheduled as it happens, but I don't see how that makes a difference).
Now, when I connect display of the power of the lead part works fine but the screen does not illuminate. To the search, in the report of the system, the Thunderbolt Bus shows two Ports both with "no device connected". I have a Thunderbolt ethernet adapter and shows.
I tried all the usual troubleshooting steps: disconnected power for a few minutes, resetting the NVRAM, reset SMC. A ran Diagnostics from Apple on the MacBook - all very good. I don't know what I can do. The Thunderbolt connector is slightly warm to the touch, which I think is always the case.
Everyone you have other ideas please?
Hey donnysp,
If I understand correctly, the external display Thunderbolt is not recognized by MacBook Pro. Looks like you already have a troubleshooting. I recommend you to read this article, it may be able to help solve the problem.
Check the connections on your Mac and external screens:
- If you use an Apple laptop computer, try to connect the AC adapter.
- Make sure that the power cable from the external display is connected correctly and that your display is enabled.
- If you are using a Mac Pro (end of 2013), make sure that your screens are plugged into the right ports.
- If you use a hub of display, Cabinet or "KVM", try to connect the video cable from your screen directly to your Mac instead.
- Unplug the video cable where it plugs into your Mac, then reconnect to reinsert the connection.
- If you are using a video card, unplug the video adapter on your Mac, then reconnect to reinsert the connection.
- If you use multiple video cards to connect your screen (the cards are "chained"), testing connection of the screen by using a single adapter if possible. Some video cards may not be linked together. For example, a mini DisplayPort to DVI adapter may not be connected to an adapter DVI to HDMI.
- If your screen has more than one video connection, see if you are using another connection on the display works. If possible, check if you use a different view or a different adapter works.
- Try using another cable that you know to be in working condition. Check with the manufacturer of the screen to make sure that you use the cable they recommend.
Get help with graphical problems on external displays connected to your Mac.
Thank you for using communities of Apple Support. Have a good.
Maybe you are looking for
-
iCal 'server error' and '509' error
For the last two days, when I try to add or edit an event in iCal I get the warning triangle and when I click it I get "server responded with"509"operation CalDAVMoveEntityQueueableOperation". If I go back to the server, I get the same message. I can
-
HP pavilion dv6-6c65el: recovery disk request, support
Hello all, I've lived in Mauritius and in 2012, I buy a hp pavilion of Italy, Sicily. Recently, my fall the notebook down even the hard disk recovery section has been altered. I went on www.best2serve.com to find the disc said, but my country did not
-
How can I disable the speakers when you use headphones?
I plug in headphones, but keeps the sound from the speakers so chromebook.
-
How to remove "HP recovery manager" from the start menu?
A year ago, I had a virus attack on my computer. Knocked it completely. In the process of reinstalling the computer, HP Recovery Manager was added to the start menu. Now I need to remove it in the start menu because it takes an unnecessarily long tim
-
[Service of NFC - ON / OFF - when locked screen - BB10]
Dear RIM, I have a question: When the device is locked, the NFC service will be switched off. We somehow serving the NFC always be on when the device locked? Thank you. Best regards Dennis.