Vanguard Download Error - SecurityException: Server sent redirect from a secure connection to a non-secure connection.

avp2's Avatar

avp2

26 Dec, 2024 08:44 PM

Probably just a temporary glitch, but I have not seen it before:

MD error message:
Account: S-Vangd TIRA
I'm sorry, an error occurred. The details of this error are below.
Error Description:java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.beginResponse(CustomURLStreamHandlerFactory.java:430) at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.getResponseCode(CustomURLStreamHandlerFactory.java:455) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2702) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2560) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.getTransactions(OFXConnection.java:976) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:651) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:632) at com.moneydance.apps.md.view.gui.AccountDetailPanel.lambda$actionForService$10(AccountDetailPanel.java:460) at com.moneydance.apps.md.controller.BackgroundOpsThread.run(BackgroundOpsThread.java:177)

Console Window:
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; DCID=www21; path=%2F; domain=ofx.discovercard.com -> DCID=www21; path=%2F; domain=ofx.discovercard.com
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; NSC_pmvj2-NzNfssjmm-wt=9f52352e0000; path=%2F; domain=taxcert.mlol.ml.com -> NSC_pmvj2-NzNfssjmm-wt=9f52352e0000; path=%2F; domain=taxcert.mlol.ml.com
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; JSESSIONID=C908827D64E0499F05F7F3BEE1A0B0F6; path=%2Fnetbenefits%2Fofx%2F; domain=nbofx.fidelity.com; secure -> JSESSIONID=C908827D64E0499F05F7F3BEE1A0B0F6; path=%2Fnetbenefits%2Fofx%2F; domain=nbofx.fidelity.com; secure
20241226-10:28:47.452 Unrecognized cookie parameter: Tue, 10-May-2022 09:07:43 PDT ->
20241226-10:28:47.452 Unrecognized cookie parameter: Tue, 10-May-2022 09:07:45 PDT ->
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.beginResponse(CustomURLStreamHandlerFactory.java:430) at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.getResponseCode(CustomURLStreamHandlerFactory.java:455) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2702) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2560) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.getTransactions(OFXConnection.java:976) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:651) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:632) at com.moneydance.apps.md.view.gui.AccountDetailPanel.lambda$actionForService$10(AccountDetailPanel.java:460) at com.moneydance.apps.md.controller.BackgroundOpsThread.run(BackgroundOpsThread.java:177) 20241226-10:29:21.688 Online downloads (account: 'A-Vangd RIRA', service: 'Vanguard') finished...
20241226-10:29:28.626 Log setting 'DEBUG' has been changed to: Enabled

  1. 1 Posted by dtd on 26 Dec, 2024 10:06 PM

    dtd's Avatar

    I'm getting the exact same glitch for my vanguard accounts using direct connect (assume that's what you are using).

    Also new to me, and hopefully temporary (as most have been recently) versus the always potential scary dropping of that download method.

    The longest I've seen with these periodic Vanguard messages (they keep coming up with new ones) is about 5 days. Most are 1-2.

  2. 2 Posted by avp2 on 26 Dec, 2024 10:09 PM

    avp2's Avatar

    Thanks for the info. I hope temporary too. Vanguard has been pretty solid for me over the last 10yrs.

  3. 3 Posted by kuryan.thomas on 27 Dec, 2024 05:11 PM

    kuryan.thomas's Avatar

    This comment was split into a new private discussion: Vanguard Download Error - SecurityException: Server sent redirect from a secure connection to a non-secure connection.

    I see the same error. Since I already subscribe to Moneydance+ for my bank and credit card accounts, I just converted the Vanguard accounts to use Moneydance+ and it seems to download correctly.

    Does anyone know how to disable the OFX Direct connection so it doesn't ask which connection method I want to use? Thanks.

  4. 4 Posted by whitedavidp on 27 Dec, 2024 05:38 PM

    whitedavidp's Avatar

    I am seeing this as well starting the morning of 12/27/2024. I hope as well that it is a temporary glitch.

  5. 5 Posted by sth on 27 Dec, 2024 08:58 PM

    sth's Avatar

    If you load the URL in the browser it says "temporary" but I am not so sure that is true.

    https://vesnc.vanguard.com/us/OfxDirectConnectServlet

    One can still download OFX files directly form vanguard just not through the process from MD. It may be that the FI data for vanguard has to be updated by MD.

  6. 6 Posted by jonh on 28 Dec, 2024 05:28 AM

    jonh's Avatar

    Same here. I have 6 different accounts @van and all fail the same way. They worked fine on Friday nite.

    FWIW, Fidelity works fine.

    Looking at Console window, there are references to Cookie errors. This seems odd unless that refers to the dtg of original setup:
    20241227-21:24:02.091 Unrecognized cookie parameter: Sat, 30-Apr-2022 16:29:32 PDT ->

  7. 7 Posted by sth on 28 Dec, 2024 06:08 AM

    sth's Avatar

    It is a specific error to Vanguard. The cookie errors are normal. The issue is that the information for vanguard goes to download from a secure (https) site and is redirected by the Vanguard servers to an insecure (http) site. That may be an error page or something.

    Possibly the Vanguard information for downloading needs to be updated by MD. Or Vanguard has permanently turned off downloading by PFM software such as MD. They may be forcing switching to the more secure FDX files which require Plaid or other system to access.
    (NOT IK Support)

  8. 8 Posted by jonh on 28 Dec, 2024 06:34 AM

    jonh's Avatar

    Thanks.
    I omitted from my post that I’m using a Mac Mini and latest MacOS.
    I’m going to try my Linux box after I get my MD sync’d from Dropbox just to see what happens.

  9. 9 Posted by jonh on 28 Dec, 2024 07:00 AM

    jonh's Avatar

    FWIW, I get the same error downloading Van transactions running in Linux.

    If I log on to my Vanguard account I can download a Quicken .qfx file which is an OFX file. I can also download a .csv file.

    So nice that this happens right at the end of the year :-(

  10. Support Staff 10 Posted by Jenny on 28 Dec, 2024 10:23 AM

    Jenny's Avatar

    Hi all,

    I'm sorry to hear about the problems you've encountered.

    I have checked the Vanguard connection details - they are up to date and no changes are required. Hopefully, this is a temporary outage at the banks end. I will keep an eye on this, and we can investigate further if the problems persist next week.

    --
    Jenny, Infinite Kind Support

  11. 11 Posted by he on 28 Dec, 2024 02:45 PM

    he's Avatar

    I'm also having a problem similar to what others have posted. Given how many users are affected by this, particularly at year end, may I suggest this be escalated?

    EDIT: Given the seriousness of this problem (timing + unable to download any Vanguard account), I fired up Quicken and was able to download all my Vanguard accounts using Quicken's native downloader. I don't believe this problem lies uniquely with Vanguard.

  12. 12 Posted by cdr on 28 Dec, 2024 04:18 PM

    cdr's Avatar

    Same problem here with Vanguard.
    Hope this gets corrected soon.

  13. 13 Posted by Ben McCann on 28 Dec, 2024 04:34 PM

    Ben McCann's Avatar

    I'm seeing this too; have been for several days now. My last successful
    connection with Vanguard was around 12/14/2024.

    I bet everyone watching this conversation in the forum is affected by this
    bug.

    On Sat, Dec 28, 2024 at 11:18 AM cdr <[email blocked]>
    wrote:

  14. 14 Posted by sth on 28 Dec, 2024 04:50 PM

    sth's Avatar

    The error is on the Vanguard end of things and changing hardware or OS locally will not give different results. It is very good that MD checks for a redirection to an insecure URL and prevents it from happening. But until Vanguard takes action MD will not be able to connect to their download from linux, Mac, or Windows.

    You can call Vanguard and start an issue of being unable to download financial information directly. You can also start a complaint that their description of reinvesting dividends is "DIVIDENDREINVESTDIVIDENDREINVEST" which is not helpful either. I have a complaint in about that, but they always ignore the first complaint.

    You can switch to using Plaid.

    NOTE: QFX is NOT OFX. Similar but one has a public definition. MD will read either.

    NOTE2: Not everyone in this forum uses Vanguard and may be blissfully unaware of this problem. Of the only 13 people watching this conversation, some are just helpful and trying to keep up with issues and may not be affected. It is not a bug, MD is working fine as designed. Vanguard may have changed their policies as designed.

  15. 15 Posted by dkbarnes01 on 28 Dec, 2024 05:16 PM

    dkbarnes01's Avatar

    Same problem here. I sure hope it gets fixed soon. The majority of my credit transactions are with Chase (which no longer works for direct connect) and the majority of my investments are with Vanguard. If this continues, I'll have to look for different software.

  16. 16 Posted by lkeppeljunk on 28 Dec, 2024 05:20 PM

    lkeppeljunk's Avatar

    kuryan.thomas: "Does anyone know how to disable the OFX Direct connection so it doesn't ask which connection method I want to use? Thanks."

    To disable the direct connection, select the Account you wish to disable, Select Online>>Set Up Online Banking and click on Disable.

  17. 17 Posted by jonh on 28 Dec, 2024 05:32 PM

    jonh's Avatar

    I also wonder if this is simply an expired cert at one of the sources of the data.

  18. 18 Posted by sth on 28 Dec, 2024 06:49 PM

    sth's Avatar

    @dkbarnes01, I am sure your threat is a great motivator. Actually since the fault is Vanguard you should threaten them with changing brokerage houses. :-)

    However, name other software that does not store your personal financial information on the web and available for browsing by the software company? I don't know of any. And even those that do are very costly subscriptions. Much more costly than the solution of subscribing to Plaid. One could say that it is already fixed. And would allow Citibank downloads as well.

    Any company that does keep your information private is going to have problems when banks stop direct connect for data transfers. The banks/investment companies get extra income from your data and thus wish to become the aggregator and make it harder for others. Sure, Vanguard would love you to enter all your financial information with them.

    (NOT IK support or speaking for anyone at IK)

  19. 19 Posted by sth on 28 Dec, 2024 06:55 PM

    sth's Avatar

    @lkeppeljunk

    @kuryan.thomas: "Does anyone know how to disable the OFX Direct connection so it doesn't ask which connection method I want to use? Thanks."

    To disable the direct connection, select the Account you wish to disable, Select Online>>Set Up Online Banking and click on Disable.

    If one has already connected to MD+ the option to disable is not visible. You can use Toolbox extension to disable it. Or disable MD+, disabled Direct Connection, then reenable MD+
    (Toolbox +1)

  20. 20 Posted by Stuart Beesley ... on 28 Dec, 2024 07:41 PM

    Stuart Beesley (Mr Toolbox)'s Avatar

    @lkeppeljunk - assuming you have disabled the ofx/dc profiles (?), then try running toolbox, update mode, online banking tools, cleanup banking links.

  21. 21 Posted by BillBBK on 28 Dec, 2024 10:09 PM

    BillBBK's Avatar

    I'm also having the problem, so tried switching to download with Moneydance+ since I already have that. But that downloaded a confusing set of duplicate transactions, so I reverted to a backup and will hope this gets fixed soon.

  22. 22 Posted by dtd on 29 Dec, 2024 02:35 AM

    dtd's Avatar

    BillBBK - when you move to MD+, the hidden FTID which prevents duplicates is totally different between direct connect and Moneydance+ - so it must show the duplicates as the FITID says "hmmm - these are not the same!" [Also, you could have just deleted the confusing set versus resorting to a backup]

    This is all a one time thing, well at least if you change and then stay there. You'd either delete the direct ones and reconcile the new ones, or make sure the sync date is set beyond the duplicates, and you can delete the new ones (otherwise they would keep redownloading)

    There are differences in the downloads - which might be why it is confusing. For example, I just did it with one of my accounts [I deliberately have both Direct Connect and MD+ set up for Vanguard, since I test these things and have done so for quite some time - USAA, Chase, Amex, and others as they got rid of direct connect] and one in particular for Vanguard is direct connect downloads a DivReinvest record while MD+ downloads two transactions - a Div and a Buy. There may be other changes.

    So, yes confusing, but will be necessary if it is determined that Vanguard is dropping (has dropped) direct connect. The same was true of the others I've mentioned.

    As for Moneydance "needs to escalate this issue" or "I may need to get different software" or "it works with Quicken" ... MD can't fix anything if Vanguard drops direct connect (as others have).

    And actually MD already escalated the issue about 2 years ago - they created MD+/Plaid - a necessary addition because banks have been dropping direct connect. That works, just as "Quicken works with Vanguard" - as Quicken uses Intuit as their aggregator similar to MD+/Plaid - and no, Intuit no longer owns Quicken, hasn't for some time, so Quicken hires Intuit, just as Moneydance hired Plaid...

    Hope that helps, and I also hope this issue evaporates and starts working again, but I've seen this happen before, and direct connect appears to be slowing dying, as banks want to pawn off responsibility to other sources.

  23. 23 Posted by dtd on 29 Dec, 2024 02:37 AM

    dtd's Avatar

    Oh, and yet another option, of course, is to manually download the OFX file for each account and import it... and yes, the same duplicates issue may arise, but you can do the same with these downloads as I suggested with MD+ if you must be updated through Jan 1.

  24. 24 Posted by dtd on 29 Dec, 2024 02:40 AM

    dtd's Avatar

    Me? Again, I have both in place and have learned how to quickly eliminate any duplication (especially as I go back AND forth) so for me it is more academic.

    If this is permanent, my obvious choice would be to move to MD+ and stay there, but I still prefer direct connect if available, as it is faster and more reliable (if it is working, of course.... :( )

  25. 25 Posted by avp2 on 29 Dec, 2024 04:41 PM

    avp2's Avatar

    For me, OFX downloads are also more “current” than than PLAID, which is often a couple days behind real time.

  26. 26 Posted by dtd on 29 Dec, 2024 10:36 PM

    dtd's Avatar

    Talked with my resident expert on OFX downloading (hleofxquotes) today:
    (we are both users, not associated with MD/IK)
    --------------------------------

    It does look like Vanguard has stopped working. I do have Vanguard accounts though I no longer do the auto-download for OFX on regular basis. Current state:

        vanguard server will allow connection
        but then will issue a "not found" error

    < HTTP/1.1 302 Security Redirect
    < Location: http://www.vanguard.com/notfound.htm
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Expires: 0
    < Connection: close

    pointing to an URL that itself does not exist

    http://www.vanguard.com/notfound.htm
    ------------------------

    My (hleofxquotes) suggestion is for someone with some "clout" with Vanguard (i.e. someone with account with substantial holding and have some direct contact) to log a "support" case stating

        OFX connection https://vesnc.vanguard.com/us/OfxDirectConnectServlet
        is returning a redirect to an invalid URL

    < HTTP/1.1 302 Security Redirect
    < Location: http://www.vanguard.com/notfound.htm
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Expires: 0
    < Connection: close
    -------------------------------------

    So, @sth, you called this one in your above messages...
    I (dtd) feel this provides some info, and it doesn't appear to look good, but it could be either accidental or deliberate. It could be temporary or permanent. We will see.

  27. 27 Posted by dtd on 29 Dec, 2024 10:38 PM

    dtd's Avatar

    @Jenny at MD/IK - does MD/IK have any clout here? - Would this be good for you to report to Vanguard and see what their response is?

  28. 28 Posted by sth on 30 Dec, 2024 10:36 PM

    sth's Avatar

    Just FYI: Those of use with accounts at Vanguard have a LOT more clout/pull with Vanguard than IK/MD. There have been cases where financial institutions who get a few dozen calls have reversed policy so go ahead an call, put your phone on speaker while doing something useful [ like answering questions in the forums! :-) ]

    After a long time on hold, I got a "sales rep" who has no idea what I am talking about. He is transferring me to "account maintenance" and there is an hour wait since they are slammed by end of year issues.

    Now reaching out to "technical support team". Will report if I eventually get a ticket number or official statement.

    Of course they seem to have taken OFX/Direct Connect capability off line during their busy season which is not good.

  29. 29 Posted by david.d on 30 Dec, 2024 10:44 PM

    david.d's Avatar

    I've been having the issue too, and watching the discussion. Just tried again and all accounts seem to have downloaded normally. Can't verify as there were no new transactions, but it seems to be fixed.

    Update: I deleted the most recent transaction, then successfully downloaded it. Please confirm for yourselves.

  30. 30 Posted by jonh on 30 Dec, 2024 11:08 PM

    jonh's Avatar

    @david.d
    Thanks for posting!! I don't have any new transactions but the download did not error out as it used to.

    Checking again 3 hrs later and I get the same problem. It worked for a little bit and now it's buggered again, same error in Console log as before.

    20241230-18:26:59.463 Unrecognized cookie parameter: Sat, 30-Apr-2022 16:28:57 PDT ->
    20241230-18:26:59.463 Unrecognized cookie parameter: Sat, 30-Apr-2022 16:29:32 PDT ->
    java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac