Vanguard OFX service ongoing issue

avp2

26 Dec, 2024 08:44 PM

Probably just a temporary glitch, but I have not seen it before:

MD error message:
Account: S-Vangd TIRA
I'm sorry, an error occurred. The details of this error are below.
Error Description:java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
    at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.beginResponse(CustomURLStreamHandlerFactory.java:430)
    at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.getResponseCode(CustomURLStreamHandlerFactory.java:455)
    at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2702)
    at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2560)
    at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.getTransactions(OFXConnection.java:976)
    at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:651)
    at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:632)
    at com.moneydance.apps.md.view.gui.AccountDetailPanel.lambda$actionForService$10(AccountDetailPanel.java:460)
    at com.moneydance.apps.md.controller.BackgroundOpsThread.run(BackgroundOpsThread.java:177)

Console Window:
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; DCID=www21; path=%2F; domain=ofx.discovercard.com -> DCID=www21; path=%2F; domain=ofx.discovercard.com
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; NSC_pmvj2-NzNfssjmm-wt=9f52352e0000; path=%2F; domain=taxcert.mlol.ml.com -> NSC_pmvj2-NzNfssjmm-wt=9f52352e0000; path=%2F; domain=taxcert.mlol.ml.com
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; JSESSIONID=C908827D64E0499F05F7F3BEE1A0B0F6; path=%2Fnetbenefits%2Fofx%2F; domain=nbofx.fidelity.com; secure -> JSESSIONID=C908827D64E0499F05F7F3BEE1A0B0F6; path=%2Fnetbenefits%2Fofx%2F; domain=nbofx.fidelity.com; secure
20241226-10:28:47.452 Unrecognized cookie parameter: Tue, 10-May-2022 09:07:43 PDT ->
20241226-10:28:47.452 Unrecognized cookie parameter: Tue, 10-May-2022 09:07:45 PDT ->
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
    at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.beginResponse(CustomURLStreamHandlerFactory.java:430)
    at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.getResponseCode(CustomURLStreamHandlerFactory.java:455)
    at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2702)
    at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2560)
    at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.getTransactions(OFXConnection.java:976)
    at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:651)
    at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:632)
    at com.moneydance.apps.md.view.gui.AccountDetailPanel.lambda$actionForService$10(AccountDetailPanel.java:460)
    at com.moneydance.apps.md.controller.BackgroundOpsThread.run(BackgroundOpsThread.java:177)
20241226-10:29:21.688 Online downloads (account: 'A-Vangd RIRA', service: 'Vanguard') finished...
20241226-10:29:28.626 Log setting 'DEBUG' has been changed to: Enabled

  1. 241 Posted by jonh on 01 Mar, 2025 08:53 PM

    This is what I see:

  2. 242 Posted by jonh on 01 Mar, 2025 08:58 PM

    @whitedavidp: Assume you may have browser extensions enabled. If so disable all of them and check the web page. If you see the compose button, go back and re-enable all your extensions and then disable them one at a time to see which one is blocking.
    If you have a firewall blocking sites, you can try adding a pass rule for the url you posted in your earlier message. Can you try a different computer? You seem to have something blocking the ability to post messages. In my experience browser extensions can do that.

  3. 243 Posted by jonh on 01 Mar, 2025 09:02 PM

  4. 244 Posted by whitedavidp on 01 Mar, 2025 09:51 PM

    @jonh, thanks for all the time and help. I will try the upload documents mechanism that I saw mentioned. It is concerning that many stated that the send message had been removed for many users. Yet more 1st class customer service from Vanguard? Hah!

  5. 245 Posted by dtd on 01 Mar, 2025 09:54 PM

    If you can't send a message, then customer service doesn't have to help, and can say "no one asked us for help".

    "Our job would be great if it weren't for the customer requests! Oh, wait."

    Unfortunately, this attitude is definitely not limited to Vanguard.

  6. 246 Posted by whitedavidp on 01 Mar, 2025 10:06 PM

    I tried disabling all add-ons. No difference.

    I went looking for the send documents mechanism - not found. Tried that in the search - nothing found.

    This syndrome is rampant. But I sound like an old fart - which I am!

  7. 247 Posted by jonh on 01 Mar, 2025 10:34 PM

    @whitedavidp said “But I sound like an old fart - which I am!”
    We’ll have to race. I’m getting too close to 80 for comfort.

    Guess you will have to call customer service on that antiquated communication device that us oldtimers are most familiar with. Then enquire about the ‘compose’ button.

    I recall quite a number of years ago being required to switch my accounts to ‘brokerage’. I never did understand why. One of the comments on that site I previously linked to mentioning “is the word brokerage in your account name?”. Maybe that is a clue. And, as some others pointed out, don’t expect a quick reply to a message.

  8. 248 Posted by bheck11 on 02 Mar, 2025 03:17 PM

    Just my further thoughts: I'm trying to keep this all in perspective.

    On the "glass half empty" side, we can grumble about Vanguard removing QFX service -- but on the other side, at least they held out in offering that service way longer than other companies. (Earlier, I mentioned that I could trade Vanguard products within my bank's brokerage account, but that bank is Chase -- and Chase abandoned QFX Direct Connection long ago, so why would I prefer Chase over Vanguard?) And yes, Fidelity still offers QFX, but then again for those using aggregators, the only aggregator that they use is the one they own -- not exactly paragons of customer service there. (And realistically, the day that Fidelity figures out how to lose QFX service without alienating Quicken customers is the day that QFX will be gone.)

    Also, I'm not clear that QFX Direct Connection is any more secure than MD+ / Plaid. Some other form of direct connection might be, but if wishes were horses.... Meanwhile, downloading QFX files manually is the most secure ever, but I'm too lazy for that.

    Given that I have to use MD+ for banking / credit card downloads anyway, throwing Vanguard into that mix is no big sacrifice.

    So I guess it's just another "Oh well...." situation. First world problem and all that.....

  9. 249 Posted by dwg on 02 Mar, 2025 08:36 PM

    Moneydance+ may or may not be more secure, it depends on if the connection between Plaid and the Institution is using a username/password pair or if it is tokenised.

    Privacy is another issue. Moneydance+ is certainly not more private.

  10. 250 Posted by bheck11 on 03 Mar, 2025 12:01 PM

    @dwg - good point, I lazily conflated security and privacy.

    My understanding from a scan of the MD+ overview is that the Plaid interface is tokenized, but I could be wrong about that. Meanwhile, I guess I'm not that worried about privacy in this context.

  11. 251 Posted by dwg on 03 Mar, 2025 12:18 PM

    Whether it is tokenised depends on the Institution's systems.

  12. 252 Posted by Rick on 07 Mar, 2025 11:36 PM

    Vanguard has been repaired for Quicken and is working as of this afternoon. Fingers crossed MD will have access soon to OFX. Still getting error dialogue box with MD.

  13. 253 Posted by whitedavidp on 07 Mar, 2025 11:56 PM

    Thanks @Rick! I decided to give it a try. I get the attached. I also tried, as "worked" earlier, to refresh the connection info. The refresh attempt failed as well. At least a glimmer of hope!

  14. 254 Posted by dtd on 08 Mar, 2025 01:04 AM

    The real question is: Is Quicken still using the direct connect connection (i.e. OFX is working again), or have they shifted to the FDX standard, with Vanguard having just beat them to the game by a few days? (i.e. Vanguard converted and Quicken quickly followed)

    I don't know that answer at this time.

  15. 255 Posted by sean on 08 Mar, 2025 06:51 PM

    My error has also changed to a timeout:
    Got exception: java.net.ConnectException: Operation timed out

    If a full log would help I'm happy to share it.. just wasn't sure how to anonymize it.
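
For sharing a log like the one mentioned in the post above, a small sanitizer can mask cookie values, account names and OFX credential fields first. This is an added example, not part of the original posts or Moneydance's code; the sample lines are constructed in the format of the console output quoted at the top of the thread, and the `<USERID>`, `<USERPASS>` and `<ACCTID>` handling assumes a full debug log includes raw OFX request bodies.

```python
import re

# Cookie attributes whose values are not secrets and help with diagnosis.
COOKIE_ATTRS = {"path", "domain", "expires", "max-age", "samesite"}
COOKIE_PAIR = re.compile(r"(?<![\w/])([A-Za-z0-9_.\-]+)=([^;\s]+)")
QUOTED_ACCOUNT = re.compile(r"(account:\s*')[^']*(')")
DIALOG_ACCOUNT = re.compile(r"^(Account:\s*).+$")
# Assumption: a full debug log also carries raw OFX requests with these fields.
OFX_FIELD = re.compile(r"(<(?:USERID|USERPASS|ACCTID)>)[^<\r\n]+", re.IGNORECASE)


def _mask_cookie(match):
    name = match.group(1)
    if name.lower() in COOKIE_ATTRS:
        return match.group(0)              # keep path=..., domain=...
    return f"{name}=<redacted>"


def sanitize_line(line):
    """Mask session cookies, account names and OFX credentials in one line."""
    if "cookie" in line.lower():
        line = COOKIE_PAIR.sub(_mask_cookie, line)
    line = QUOTED_ACCOUNT.sub(r"\1<account>\2", line)
    line = DIALOG_ACCOUNT.sub(r"\1<account>", line)
    return OFX_FIELD.sub(r"\1<redacted>", line)


def sanitize_log(text):
    """Sanitize a whole log, keeping line order and timestamps intact."""
    return "\n".join(sanitize_line(line) for line in text.split("\n"))


# Constructed sample lines (not taken from any real account).
SAMPLE_LOG = "\n".join([
    "20250308-10:00:00.000 !Cannot send cookie back to source: "
    "https://ofx.example.test/servlet; JSESSIONID=ABCDEF0123456789; "
    "path=%2Fofx%2F; domain=ofx.example.test; secure",
    "20250308-10:00:01.000 <USERID>jdoe<USERPASS>hunter2<ACCTID>12345678",
    "20250308-10:02:01.000 Online downloads (account: 'Sample IRA', "
    "service: 'Vanguard') finished...",
])

if __name__ == "__main__":
    print(sanitize_log(SAMPLE_LOG))
```

Read the sanitized output once before posting it, since other sensitive values may appear in formats these patterns do not cover.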

  16. 256 Posted by sth on 08 Mar, 2025 08:51 PM

    Well, Vanguard has made some improvement. The Vanguard web servlet (small application run by the Vanguard web server) that actually sends information is now active and not just redirecting you to an error page. However, the servlet is not replying and the query from MD is giving up after some time with no answer.

    question for @sth: when you say "There is nothing inherently more secure about downloading an OFX file from Vanguard directly using 2FA or authorizing Plaid to download an OFX file from Vanguard for you using 2FA." and mention "Vanguard directly" are you saying that if I enable 2FA at Vanguard and if Vanguard somehow re-establishes direct OFX download into MD (as most of us here would appreciate), that I will have to perform 2FA during the MD download process? Thanks...

    I am not well versed on how the whole MD+/Plaid thing will work. But it just seems like I must (1) end up giving some kind of auth info to Plaid for each of the accounts/institutions it interacts with, (2) that Plaid then gets a form of access that no other body will have had before in my current setup, (3) that I then must rely upon Plaid to keep that information and the information it retrieves on my behalf "safe and secure", and (4) I need to give MD credentials to access Plaid on my behalf. Is this correct?

    I have been away for awhile and busy at work. But I will try to clarify what I meant about security. I am going to use MD+ and Plaid interchangeably here since MD+ is just an interface to Plaid.
    1. I do not believe that 2FA will be necessary when/if Vanguard re-establishes their OFX download feature. That did not require a login to Vanguard using 2FA in the past even though I do have it turned on. Of course that is up to Vanguard.

    2. The comment on security is that in enabling Plaid to access your Vanguard issue, the first time, you will have to use 2FA through a Vanguard login process. Once that is done, Plaid and Vanguard create special tokens that authorize them to exchange data. Those tokens cannot be stolen because they are tied to the domain name of Plaid and Vanguard and created with a secret long password. These tokens (essentially a string of a few thousand bits) are exchanged each time to verify the transaction. Plaid does not have your username/password combination. Plaid did not have it ever since it merely used the Vanguard website to enter the data. Vanguard does have your user name and a (hopefully encrypted) version of your password. Using OAuth protocols any token can be revoked and Plaid and/or Vanguard will ask occasionally if you still want to maintain or renew the connection.

    So yes, you are giving authorization to Plaid and Plaid only to access Vanguard data. Theoretically Plaid does not retain the data (nor does IK through MD+) but merely passes the info to your running MD. All the data is passed in encrypted form through the internet. I am not sure what you mean by (4) above; MD+ gets credentials to access Plaid when you set up an account and pay for MD+. The MD software does encrypt the communication. MD on your local machine has a copy of your user account and clear text password for each account. Plaid only has a long string of authorized bits for that account which can be revoked or renewed. Vanguard has your user name and hopefully an encrypted version of your password that cannot be decrypted (so-called "trapdoor algorithm").

    This is all as I understand it and subject to those with more detailed knowledge of the software (ie Sean and Stuart).

  17. 257 Posted by whitedavidp on 08 Mar, 2025 09:32 PM

    Thanks @sth! This helps my understanding quite a bit and MAY reduce my resistance to using Plaid.

  18. 258 Posted by dtd on 09 Mar, 2025 05:08 AM

  19. 259 Posted by sth on 09 Mar, 2025 05:32 PM

    Not on the FM forum BUT has anyone looked at the transaction at the TCP/IP level? It may be restricted not by IP address or hostname but require specific authorized credentials. Special "Referrer" tag or special "agent" tag in the HTML headers.

    This is what software such as Wireshark does.

  20. 260 Posted by whitedavidp on 09 Mar, 2025 05:51 PM

    If I had access to Quicken, I might be able to do this. We need to see what "works" and then compare to what MD does.

  21. 261 Posted by dtd on 10 Mar, 2025 08:14 PM

    Well, two minute timeout error delays for each Vanguard account might drive me to finally drop OFX, as I cannot make MD+ go first (ie I have both in place) when checking downloads, unless I do it by hand by clicking the download button within the account.

    Maybe Vanguard's allowing the connection but never responding to it is on purpose to get me to do exactly that, who knows.

    I feel Vanguard has made a final decision on allowing Quicken, but no one else, via OFX, which, if correct, shows it is not their clients they care about, just the companies they work with. I think the only way this might change is if some community figures out a way to get in like Quicken now does, but ultimately, Vanguard has decided to deny many clients access to their own data via OFX, while maintaining the service.

  22. 262 Posted by sean on 10 Mar, 2025 09:15 PM

    Has anyone shared logs with the MD/IK folks?

    The log looks like it connects, gets cookies, and then sends the login info request for download, then that hangs.

  23. 263 Posted by dtd on 10 Mar, 2025 09:54 PM

    Your sentence is correct:
    The log looks like it connects, gets cookies, and then sends the login info request for download, then that hangs.

    Vanguard does not respond to the login info request for download. At some point, MD gives up (i.e. it does NOT hang) and issues a timeout message.

    MD/IK has been aware of what Vanguard is (or is not) doing since this thread began in December.

  24. 264 Posted by dtd on 13 Mar, 2025 02:31 AM

    I shut down my OFX connections to Vanguard today. Really regretted doing so, but Vanguard follows in the footsteps of Chase, USAA, Schwab, American Express, and others.

    Sadly, I'm down to only three banks (more than three accounts) that, for me, still support OFX direct connect.

    I am pretty sure this abandonment, with no pre-warning to any customers, will continue until I eventually have none. I hope I'm wrong, but I doubt I am.

  25. 265 Posted by dwg on 13 Mar, 2025 04:11 AM

    It does look like an accelerating trend.

    The institutions I'm sure like it, they cut services and so reduce their costs by the removal of the systems needed to provide it and as a side bonus without having the service they remove support calls regarding any issue with it.

    Any problems with automatic downloads belong with the end user's software provider and the aggregator and the institutions have no obligation to help either.

    Without a legislated requirement for something like Open Banking you are pretty much at the mercy of the institutions. I'm not hopeful of this changing in the U.S.

    Des

  26. 266 Posted by Jon on 13 Mar, 2025 10:04 AM

    The way to stop any bad situation where you lack individual power is
    protest. Hence I moved all my accounts from Vanguard to Fidelity and was
    very clear with Vanguard why. Similarly why I donate to just causes and use
    5 Calls to object to the actions of the current US administration.

    Use the power you have. Trust me, it feels good. Only time will tell if it
    works...

  27. 267 Posted by jlf on 14 Mar, 2025 07:39 PM

    I don't want to create false hope, but Mark over at FundManager software just posted the message below on their support forum. (FM is unrelated to MD, but has been experiencing the same roller coaster with Vanguard OFX direct access. Mark was very helpful last time in getting MD working again.)

    Just an update for everyone following along here... Someone from Vanguard did reach out to us today to explain the situation. They are aware, and working on fixing their OFX server so that Fund Manager will soon be able to access it again. We weren't given a specific date, but this person was hopeful it would be soon.

  28. 268 Posted by sean on 14 Mar, 2025 08:16 PM

    https://www.fundmanagersoftware.com/forum/viewtopic.php?p=27353#p27353

    It's great news that Vanguard is working with them.

    Thanks for the heads up!
