Trustpoint question

Hello

I tried to register my ASA with the CA PKI.

I was wondering if someone can clarify what is the purpose of a trustpoint.

I searched, and according to this article, a trustpoint is a container where certificates are stored; it says a trustpoint can store 2 certificates, including the certification authority certificate and an identity certificate of the ASA.

https://supportforums.Cisco.com/document/52076/certificate-backup-and-in...

I went to Configuration > Device Management > Certificate Management > CA Certificates and received the certification authority certificate. My understanding is that this step allows the ASA to trust certificates signed by this CA. For the trustpoint name, I used my-CA.

I then went to Configuration > Device Management > Certificate Management > Identity Certificates and tried to enroll for an identity certificate. For the trustpoint name, I used the same name (my-CA). Looking at the error message I got, it looks like using the same trustpoint name for the certification authority certificate and the identity certificate is the origin of the problem.

[OK] crypto ca trustpoint my-CA
crypto ca trustpoint my-CA
[OK] revocation-check none
[OK] keypair Cert-identity-key pair
[OK] password xxxx
[OK] id-usage ssl-ipsec
[OK] no fqdn
[OK] subject-name CN = asa 5505, O = home, C = US, St = OH
[ERROR] enrollment url http://NDES/certsrv/mscep/mscep.dll
Enrollment configuration of Trustpoint cannot be changed for an authenticated trustpoint.

[ERROR] crypto ca authenticate my-CA nointeractive
You may use 'no crypto ca trustpoint <trustpoint-name>' to remove the previous CA certificate.

[OK] crypto ca enroll my-CA tmpfs

So my question is, what name should I use for the trustpoint? And do we need a new trustpoint for each identity certificate and CA certificate that we install on the ASA?

Thank you

you need to generate a CSR and send it to HQ; provide it it the ID-cert and cert of the CA root; install cert ID first, then the CA cert root


Similar Questions

  • Basic question Anyconnect VPN

    Hi, I'm new to AnyConnect VPN. These are fundamental questions. The first step to set up the VPN is to download an image. What is this image? I noticed that the configuration of the VPN does not contain some general VPN configuration steps such as crypto isakmp policy and crypto ipsec etc. Maybe the image contains all of this information? If so, how do I get the image? Thank you

    IPsec is not a kind of SSL. It's a total different encryption mechanism.

    IPsec uses pre-shared keys (almost always) and is therefore symmetric cryptography (the two peers have the same "secret"). Until 4-5 years ago it was the predominant VPN technology and it is still widely used, particularly in site-to-site VPN connections.

    SSL uses a public key infrastructure (PKI) with a private key ('secret') that is not shared between peers and is therefore asymmetric. More new remote access VPNs in recent years are based on SSL. SSL does not use crypto ipsec or crypto isakmp configuration lines but instead relies on certificates and trustpoints.

    Complicating the landscape, there is a newer, more secure type of IPsec VPN: IKEv2. It is not widely adopted in my experience, but is increasingly used by organizations and agencies that need to comply with strict government standards.

  • Cisco AnyConnect VPN question

    I have an ASA 5505 that is running correctly using the AnyConnect client. The issue is, I can connect to the external interface fine, but cannot ping or connect to any host on the inside. When I connect, it accepts the user name and password, and I can run ASDM or SSH to the firewall just fine, but nothing further. On the client, after I log in, I get an inside IP address, in the 10.7.30.x range as expected.

    Following configuration:

    : Saved
    :
    ASA Version 8.2 (5)
    !
    asa5505 hostname
    domain BLA
    activate the password * encrypted
    passwd * encrypted
    no names

    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    switchport access vlan 150
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
    nameif inside
    security-level 100
    IP 10.7.30.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    IP EXTERNAL IP 255.255.255.128
    !
    interface Vlan150
    nameif WLAN_GUESTS
    security-level 50
    IP 10.7.150.1 255.255.255.0
    !
    boot system Disk0: / asa825 - k8.bin
    config to boot Disk0: / running-config
    passive FTP mode
    clock timezone STD - 7
    DNS server-group DefaultDNS
    domain BLA
    permit same-security-traffic intra-interface
    object-group service tcp Webaccess
    port-object eq www
    EQ object of the https port
    object-group network McAfee
    network-object 208.65.144.0 255.255.248.0
    network-object 208.81.64.0 255.255.248.0
    access extensive list ip 10.7.30.0 outside_1_cryptomap allow 255.255.255.0 192.168.24.0 255.255.252.0
    access extensive list ip 10.7.30.0 inside_nat0_outbound allow 255.255.255.0 192.168.24.0 255.255.252.0
    access extensive list ip 10.7.30.0 inside_nat0_outbound allow 255.255.255.0 172.16.10.0 255.255.255.0
    outside_access_in list extended access permit tcp any host 159.87.30.252 eq smtp
    outside_access_in list extended access permit tcp any host 159.87.30.136 Webaccess object-group
    outside_access_in list extended access permit tcp any host 159.87.30.243 Webaccess object-group
    access-list extended outside_access_in permit tcp host 159.87.70.66 host 159.87.30.251 eq lpd
    outside_access_in list extended access permit tcp any host 159.87.30.252 Webaccess object-group
    outside_access_in list extended access permit tcp any host 159.87.30.245 Webaccess object-group
    outside_access_in list extended access permitted tcp object-group McAfee any eq smtp
    permit access list extended ip 172.16.10.0 outside_access_in 255.255.255.0 10.7.30.0 255.255.255.0
    outside_access_in list extended access permit ip host 159.87.64.30 all
    standard access list vpn_users_splitTunnelAcl allow 10.7.30.0 255.255.255.0
    IPS_TRAFFIC of access allowed any ip an extended list
    access extensive list ip 10.7.30.0 outside_nat0_outbound allow 255.255.255.0 any
    inside_access_in list extended access permit udp 10.7.30.0 255.255.255.0 any eq snmp
    access extensive list ip 10.7.30.0 outside_cryptomap allow 255.255.255.0 172.16.10.0 255.255.255.0
    pager lines 24
    Enable logging
    asdm of logging of information
    host of logging inside the 10.7.30.37
    Debugging trace record
    Within 1500 MTU
    Outside 1500 MTU
    MTU 1500 WLAN_GUESTS
    local pool VPN_POOL 10.7.30.190 - 10.7.30.200 255.255.255.0 IP mask
    no failover
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm-645 - 206.bin
    don't allow no asdm history
    ARP timeout 14400
    Global 1 interface (outside)
    NAT (inside) 0-list of access inside_nat0_outbound
    NAT (inside) 1 0.0.0.0 0.0.0.0
    NAT (outside) 0-list of access outside_nat0_outbound
    NAT (WLAN_GUESTS) 1 0.0.0.0 0.0.0.0
    public static 159.87.30.251 (Interior, exterior) 10.7.30.50 netmask 255.255.255.255
    public static 159.87.30.245 (Interior, exterior) 10.7.30.53 netmask 255.255.255.255
    public static 159.87.30.252 (Interior, exterior) 10.7.30.30 netmask 255.255.255.255
    public static 159.87.30.243 (Interior, exterior) 10.7.30.19 netmask 255.255.255.255
    public static 159.87.30.136 (Interior, exterior) 10.7.30.43 netmask 255.255.255.255
    Access-group inside_access_in in interface inside the control plan
    Access-group outside_access_in in interface outside
    Route outside 0.0.0.0 0.0.0.0 159.87.30.254 1
    Route inside 172.16.1.0 255.255.255.0 10.7.30.1 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    AAA-server ADWM-FPS-02 nt Protocol
    AAA-server ADWM-FPS-02 (inside) host 10.7.30.32
    Timeout 5
    auth-domain NT ADWM-FPS-02 controller
    AAA-server ADWM-FPS-02 (inside) host 10.7.30.49
    auth-DC NT ADWM-DC02
    AAA authentication http LOCAL console
    AAA authentication LOCAL telnet console
    the ssh LOCAL console AAA authentication
    Enable http server
    http 206.169.55.66 255.255.255.255 outside
    http 206.169.50.171 255.255.255.255 outside
    http 10.7.30.0 255.255.255.0 inside
    http 206.169.51.32 255.255.255.240 outside
    http 159.87.35.84 255.255.255.255 outside
    SNMP-server host within the 10.7.30.37 community * version 2 c
    location of the SNMP server *.
    contact SNMP Server
    Community SNMP-server
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    Crypto-map dynamic outside_dyn_map pfs set 20 Group1
    card crypto outside_map 1 match address outside_1_cryptomap
    peer set card crypto outside_map 1 206.169.55.66
    map outside_map 1 set of transformation-ESP-3DES-MD5 crypto
    card crypto outside_map 2 match address outside_cryptomap
    peer set card crypto outside_map 2 159.87.64.30
    card crypto outside_map 2 game of transformation-ESP-AES-192-SHA
    map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
    outside_map interface card crypto outside
    crypto ca trustpoint *.
     enrollment terminal
     fqdn *.
     subject-name *.
     keypair MYKEY
     crl configure
    crypto ca trustpoint A1
     enrollment terminal
     fqdn ***************
     subject-name *.
     keypair MYKEY
     crl configure
    crypto ca trustpoint INTERMEDIARY
     enrollment terminal
     no client-types
     crl configure
    crypto ca trustpoint _SmartCallHome_ServerCA
     crl configure
    crypto ca trustpoint ASDM_TrustPoint0
     crl configure
    crypto ca trustpoint ASDM_TrustPoint1
     crl configure
    crypto ca certificate chain *.
     certificate ca 0301
      BUNCH OF STUFF
      quit
    crypto ca certificate chain A1
     OTHER LOTS of certificate
      quit
    crypto ca certificate chain INTERMEDIATE
     YET ANOTHER certificate
      quit
    crypto ca certificate chain _SmartCallHome_ServerCA
     certificate ca LAST BOUQUET
      quit
    crypto ISAKMP allow outside
    crypto ISAKMP policy 10
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400
    No encryption isakmp nat-traversal
    Telnet 10.7.30.0 255.255.255.0 inside
    Telnet timeout 30
    SSH 206.169.55.66 255.255.255.255 outside

    SSH timeout 5
    Console timeout 0
    management-access inside
    dhcpd 4.2.2.2 dns 8.8.8.8
    !
    dhcpd address 10.7.150.10 - 10.7.150.30 WLAN_GUESTS
    enable WLAN_GUESTS dhcpd
    !

    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    SSL encryption rc4 - md5 of sha1
    SSL-trust A1 out point
    WebVPN
    allow outside
    AnyConnect essentials
    SVC disk0:/anyconnect-dart-win-2.5.2019-k9.pkg 1 image
    enable SVC
    attributes of Group Policy DfltGrpPolicy
    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
    internal VPNUsers group strategy
    Group Policy VPNUsers attributes
    value of server DNS 10.7.30.20
    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list vpn_users_splitTunnelAcl
    dwm2000.WM.State.AZ.us value by default-field
    Split-dns value dwm2000.wm.state.az.us
    username HCadmin password * encrypted privilege 15
    attributes global-tunnel-group DefaultWEBVPNGroup
    address VPN_POOL pool
    authentication-server-group ADWM-FPS-02
    strategy - by default-VPNUsers group
    tunnel-group 206.169.55.66 type ipsec-l2l
    IPSec-attributes tunnel-group 206.169.55.66
    pre-shared key *.
    tunnel-group 159.87.64.30 type ipsec-l2l
    IPSec-attributes tunnel-group 159.87.64.30
    pre-shared key *.
    !
    class-map IPS_TRAFFIC
    corresponds to the IPS_TRAFFIC access list
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    inspect the icmp
    Review the ip options
    class IPS_TRAFFIC
    IPS inline help
    !
    global service-policy global_policy
    field of context fast hostname
    anonymous reporting remote call
    call-home
    Profile of CiscoTAC-1
    no active account
    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
    email address of destination [email protected] / * /
    destination-mode http transport
    Subscribe to alert-group diagnosis
    Subscribe to alert-group environment
    Subscribe to alert-group monthly periodic inventory
    monthly periodicals to subscribe to alert-group configuration
    daily periodic subscribe to alert-group telemetry
    Cryptochecksum:e70de424cf976e0a62b5668dc2284587
    : end
    ASDM image disk0: / asdm-645 - 206.bin
    ASDM location 159.87.70.66 255.255.255.255 inside
    ASDM location 208.65.144.0 255.255.248.0 inside
    ASDM location 208.81.64.0 255.255.248.0 inside
    ASDM location 172.16.10.0 255.255.255.0 inside
    ASDM location 159.87.64.30 255.255.255.255 inside
    don't allow no asdm history

    Anyone have any ideas?

    Hello

    Please, add this line in your configuration and let me know if it works:

    access-list inside_nat0_outbound extended permit ip 10.7.30.0 255.255.255.0 10.7.30.0 255.255.255.0

    I am asking you to add it because you have not specified any exemption for the return traffic. Once you add it, it will allow the return packets to go through the VPN tunnel. When this command is not there, you will be able to access everything on the ASA but nothing behind it.

    Let me know if it helps.

    Thank you

    Vishnu

  • Name of the PKI trustpoint client?

    I have two routers directly connected to g0/0 R2 R1 g0/0 lab.

    I have IPsec with preshared keys configured and everything works fine.

    I just finished setting up R1 as the CA PKI server and created a better priority isakmp policy to use when certificates are configured finally between R1 and R2.

    My next task is to configure R1 also as client PKI.

    I ran crypto key generate rsa general-keys modulus 512 - everything is good, no problems yet.

    Now I need to create a trustpoint to the CA server, and this is my question -

    What name can be used? Meaning, do I have to use the same name as the CA server [R1-CA], or is any old name fine as well?

    My config for R1 below.

    Thank you again once - I will get it working soon - I hope!

    Frank

    R1 #sh run
    start the flash system: c2800nm-advsecurityk9 - mz.151 - 2.T1.bin
    !
    clock timezone IS - 5 0
    summer time clock IS recurring
    !
    IP source-route
    !
    IP cef
    !
    IP TEST domain name. LAB
    IP host 192.168.1.1 R1
    host IP 192.168.1.2 R2
    !
    crypto pki server R1-CA
     database level complete
     issuer-name cn=R1-CA ou=Point to point
    EMP flash url database:
    crypto pki token default removal timeout 0
    !
    crypto pki trustpoint R1-CA
     revocation-check crl
     rsakeypair R1-CA
    !
    crypto pki certificate chain R1-CA
     certificate ca 01
      quit
    !
    crypto ISAKMP policy 10
    BA 3des
    Group 2
    !
    crypto ISAKMP policy 20
    BA aes 256
    preshared authentication
    Group 5
    .
    .
    . blah blah blah

    You must use a different name. The trustpoint with the same name is automatically created by CA server and you should not change it.

    crypto pki server cisco1
     database level complete
     issuer-name CN = cisco1.cisco.com L = RTP C = US
     lifetime crl 24
     lifetime certificate 200
     lifetime ca-certificate 365
     cdp-url http://192.168.1.2/cisco1cdp.cisco1.crl
    !
    crypto pki trustpoint cisco1
     revocation-check crl
     rsakeypair cisco1
    !
    crypto pki trustpoint test   <-- this is the trustpoint which is used to get a cert from the local CA
     enrollment url http://192.168.1.2:80
     ip-address 192.168.1.2
     revocation-check none

    bhnd-7600 #sh cry cert ca
    CA Certificate
      Status: Available
      Certificate Serial Number: 01
      Certificate Usage: Signature
      Issuer:
        CN = cisco1.cisco.com L = RTP C = US
      Subject:
        CN = cisco1.cisco.com L = RTP C = US
      Validity Date:
        start date: 17:34:02 UTC on October 26, 2010
        end date: 17:34:02 UTC on October 26, 2011
      Associated Trustpoints: test cisco1

    Certificate
      Subject:
        Name: bhnd-7600.cisco.com
        IP Address: 192.168.1.2
      Status: Pending
      Key Usage: General Purpose
      Certificate Request Fingerprint MD5: 439016A1 EF93250E 5F870E5F 13DAADA3
      Certificate Request Fingerprint SHA1: 26CC73B3 8AECADD0 C5045B45 3BDC0A8F B636451E
      Associated Trustpoint: test

  • question about registration of CA

    I have a large hub-and-spoke DMVPN deployment. We are currently using PSK for IKE authentication. We are looking to put in place an internal PKI infrastructure for IKE authentication. I configured an internal root CA and 2 subordinate CAs on 1941 routers for this purpose. We expect to use SCEP autoenrollment for the routers of the hub-and-spoke network to enroll with these internal certification authorities. My question is, which of these CAs should I have my routers enroll with? Or can I have a few routers enroll with sub-CA1, some with sub-CA2, and maybe a few with the root CA?

    enrollment url http://rootCA:80

    enrollment url http://subCA1:80

    enrollment url http://subCA2:80
    ??? 

    Hello

    There is no problem from the point of view of IPsec to register for the two subCAs.

    The CERT_REQ payload will be sent for the two subCAs in Main Mode messages 3 and 4.

    (Note: If you want to change this behavior, you can select a particular trustpoint inside the isakmp profile)

    Nowadays it is more important to the highly available as CA (ISMA) CRL itself.

    Two subCAs means you do not rely on a single piece of hardware to provide enrollment/CRL update functions.

    Note that you can chain certificates up to the root, which should essentially allow spokes that are enrolled with subCA1 to establish IPsec with subCA2.

    http://www.Cisco.com/en/us/docs/iOS/sec_secure_connectivity/configuration/guide/sec_cfg_auth_rev_cert_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1065596

    I have not tried to do it with the SCEP Protocol... not sure if you can do it automatically...

    Marcin

  • iOS 10 people record problem/question

    Hello

    I have a couple of "faces" in the issue of people who are coming in white, but acknowledged same 'face' of many times.  Is anyway to update it for photo comes actually?  At a few faces, I don't know that facial recognition found since it is coming from white.

    Hi JohnP007,

    Congratulations on your iPhone 7 more running iOS 10! I understand that some of your faces in the album of people pull up as a draft and you want to refresh. You can try to use the steps below to fix the faces on the thumbnails in albums.

    Difficulty faces and names mixed-up

    If you notice that there is a photo of someone in a collection that is poorly identified, you can remove it.

    1. Tap the person you want to remove in the album of people > select.
    2. Type Show done face to emphasize his face in every photo.
    3. Press on each photo that is not the person.
    4. Type > not this person.

    Hide people

    You can hide the people or groups that you don't want in your album of people.

    1. Open the album people and press Select.
    2. Touch the people you don't want to see.
    3. Click Hide.

    If you want to see the people that you have hidden, press on show hidden people.

    People in the Photos on your iPhone, iPad or iPod touch

    This should be corrected without delay faces. Please use the Apple Support communities to post your question. Good day.

  • Questions - and answers forgotten

    How to get my 'secret' answers to the questions that I have noted the way back when?

    If you forgot the answers to your questions of security of Apple ID - Apple Support

  • I can't reset the security questions. We received notice as below:

    Hello world

    I can't reset the security questions. We received notice as below:

    "Cannot reset Security Questions."

    We have insufficient information to reset your security questions. "

    Please help me as soon as possible! Thank you very much.

    Hello

    You will need to contact the Apple Support.

    The information is available here:

    Contact Apple for assistance with the security of the Apple ID - Apple Support accounts

    (I'm afraid that no one here can solve the problem for you - this is a user-based community).

  • Question of cloning for SSD upgrade on 12 Macbook Pro

    Previously, I did an upgrade to SSD on my Macbook Air to 2012 according to the instructions of JetDrive transcend. Basically connection via USB 3 and using Mac OS X to clear (and format) disc utilities new SSD, then restore again SSD and then remove the original 128 GB SSD and insert the new 480 GB SSD.  For about a month and so far without problem.

    Now I'm trying to 2012 Macbook upgrade my Pro partner (on 10.11.6).  I got a Crucial SSD MX300 to replace his HARD drive.  Crucial comes with (or recommend) Acronis software.  And a lot of the messages of the forum recommend Carbon Copy Clone.

    My question is if I can use the same method for the cloning of the HD as my Macbook Air (just restore disk of Mac OS X utilities)?  This time, I'm upgrading HARD drive and I don't know if something is different.  At the same time, if I got lucky the first time, I don't not ruin Macbook Pro my spouse this time.

    Thank you.

    Yes, you can use disk utility to clone your MBP wives, but unlike CCC, it will not clone the recovery and Partition.

  • Question about resolution movie downloads

    If I buy a movie at a certain resolution (780p for example), but I want more later re - download at a higher or lower resolution (SD or 1080 p), can I do so and how?

    Same question perhaps for music. Some of my songs have been bought before the latest Apple codecs.

    Any help is appreciated!

    THX!

    Once you have made a purchase on the iTunes store, you will see your purchased items in the menu under accounts bar > bought. You can simply select the item purchased and re-upload.

    With regard to the resolution of the film for films that are offered, and you select the resolution, you can download it again and select a different resolution. For movies that are available as separate download to SD, 780, or 1080 points, you would be limited to the original resolution you selected.

  • Why I can't ask questions.

    I just have a question.  I said that I can't ask questions.

    Do exactly what you did to make this post, but your question in there instead.

  • Cannot reset the Security Questions

    Hello my dear

    -J' forgot my account security questions, but I remember password

    And I'm changing my Security Questions, but show me this sentence

    "Cannot reset Security Questions."

    We have insufficient information to reset your security questions. "

    -I want to solve this problem as soon as possible if permitted

    You should contact the account of Apple security team. To join, click here and choose a method; If this page does not list one for your country or if you are unable to call, complete and submit this form.

    (145081)

  • Bootcamp Windows 10 question

    Hi all

    Stumbled upon a problem, try to install Windows 10 an end 2014 27' iMac w/retina education runs Yosemite 10.10.5. Bootcamp is V 5.1.4. 32 GB, 3.5 ghz Intel I5. Disk of 1 TB of Fusion. Before you try this, I read the guide of Bootcamp to install windows, but also a number of other tutorials and forum messages about potential problems. This research, I learned that for EDU edition you must change the name of the file from Win10_1607_Education_English_x64.iso to Win10_1607_English_x64.iso. Apparently to have the former name of the file may cause OS X to not recognize the ISO. That fact I started Bootcamp, waited while the software downloaded and created a bootable USB key and partitioned my drive giving Windows 70 GB of space. After that, I got the message that my computer is restarts. Upon restarting, I got the black screen with the blue Windows logo and a spinning loading animation. After a few minutes, a blue screen with a message "Windows has encountered and error with computer and must restart," or something similar. He was pretty quick, so maybe it's not word for Word, but it was not a helpful post in terms of saying something specific. When the computer reboots, I am sent directly to OS X, though a bit slower than normal. I tried to restart with the flash drive to see if the installer would start up, no dice. Try now the Option key at startup, the flash player is not available. Went into my settings to see if I could change my startup on Win disk install USB, no luck it no more.

    Now for the question: How can I get the Windows installation again? What I have to start the process, and if so, what should I use Bootcamp to delete the partition that was created? I have re-run Bootcamp and the only option that is checked is the partition and start and install/uninstall windows and delete the partition.

    Thanks for the help.

    Perform the following two procedures

    Reset the management system (SCM) controller on your Mac - Apple Support

    How to reset the NVRAM on your Mac - Apple Support

    If you use a USB drive, not a USB flash drive, you will have problems. It is recommended to use a 8-16 GB USB2 flash drive.

    If the installation program is located on a USB Flash drive, stop your Mac, connect the USB key, restart and hold down the alt/option key and select the Windows icon in the USB port. This installs Windows in BIOS mode. If you click the start EFI icon, it will install using the EFI mode (faster). You may need to change the partition from MBR to GPT using GPT Fdisk.

  • Yahoo account question

    Yes, I understand these are the Apple support forums, but I don't know where else to ask this question and I thought some of you would have the answer to this question.

    I deleted my Yahoo account last week, but I've heard that the 500 million Yahoo accounts were hacked in 2014. I made my account in 2015. Im sure it is hacked since I made my account a year after the supposed hack, but if my account has been hacked and I deleted which would be safe?

    If your account did not exist in 2014, then it is has not been hacked. Removal of the guarantees it will not be new since there was more pirate. Normally, at least the hackers got access to more information in the narrative, as credit card numbers, change your Yahoo password would have sufficed.

  • Text backup question / deleted

    I accidentally deleted one of my iPhone SMS 6 Plus.  They always show on my iMac and iPad but I fear when an AutoSave occurs, it will back up the iPhone and remove them to two other devices. What will happen?  I use iCloud if that makes a difference.

    Hi melissahh625,

    I understand that you have questions about your messages deleted on different devices. I know that it is important to have a handle on your data, so I'm happy to help you.

    When you receive messages, they are stored on different devices. This means that when you delete a device they will not be deleted on the other. This is the case, even if one of your backup devices to iCloud that these backups are specific to devices, as well.

    Thank you for using communities Support from Apple. See you soon!
