Vanguard OFX service issue - resolved
Probably just a temporary glitch, but I have not seen it before:
MD error message:
Account: S-Vangd TIRA
I'm sorry, an error occurred. The details of this error are below.
Error Description:java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.beginResponse(CustomURLStreamHandlerFactory.java:430) at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.getResponseCode(CustomURLStreamHandlerFactory.java:455) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2702) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2560) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.getTransactions(OFXConnection.java:976) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:651) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:632) at com.moneydance.apps.md.view.gui.AccountDetailPanel.lambda$actionForService$10(AccountDetailPanel.java:460) at com.moneydance.apps.md.controller.BackgroundOpsThread.run(BackgroundOpsThread.java:177)
Console Window:
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; DCID=www21; path=%2F; domain=ofx.discovercard.com -> DCID=www21; path=%2F; domain=ofx.discovercard.com
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; NSC_pmvj2-NzNfssjmm-wt=9f52352e0000; path=%2F; domain=taxcert.mlol.ml.com -> NSC_pmvj2-NzNfssjmm-wt=9f52352e0000; path=%2F; domain=taxcert.mlol.ml.com
20241226-10:28:47.452 !Cannot send cookie back to source: https://vesnc.vanguard.com/us/OfxDirectConnectServlet; JSESSIONID=C908827D64E0499F05F7F3BEE1A0B0F6; path=%2Fnetbenefits%2Fofx%2F; domain=nbofx.fidelity.com; secure -> JSESSIONID=C908827D64E0499F05F7F3BEE1A0B0F6; path=%2Fnetbenefits%2Fofx%2F; domain=nbofx.fidelity.com; secure
20241226-10:28:47.452 Unrecognized cookie parameter: Tue, 10-May-2022 09:07:43 PDT ->
20241226-10:28:47.452 Unrecognized cookie parameter: Tue, 10-May-2022 09:07:45 PDT ->
java.lang.SecurityException: Server sent redirect from a secure connection to a non-secure connection. Stopping
at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.beginResponse(CustomURLStreamHandlerFactory.java:430) at com.moneydance.apps.md.controller.olb.CustomURLStreamHandlerFactory$HttpURLConnectionImpl.getResponseCode(CustomURLStreamHandlerFactory.java:455) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2702) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.sendMessage(OFXConnection.java:2560) at com.moneydance.apps.md.controller.olb.ofx.OFXConnection.getTransactions(OFXConnection.java:976) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:651) at com.moneydance.apps.md.view.gui.OnlineManager.downloadTransactions(OnlineManager.java:632) at com.moneydance.apps.md.view.gui.AccountDetailPanel.lambda$actionForService$10(AccountDetailPanel.java:460) at com.moneydance.apps.md.controller.BackgroundOpsThread.run(BackgroundOpsThread.java:177) 20241226-10:29:21.688 Online downloads (account: 'A-Vangd RIRA', service: 'Vanguard') finished...
20241226-10:29:28.626 Log setting 'DEBUG' has been changed to: Enabled
Showing page 4 out of 7. View the first page
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
91 Posted by dtd on 08 Jan, 2025 07:18 PM
You can undo an OFX import (if you do it basically immediately, i.e. before you do other things that might change the undo). - Assuming version 5172 as undo was improved somewhat recently, don't remember specifically when.
92 Posted by dtd on 08 Jan, 2025 07:23 PM
What I've done (especially during a transition like you are doing) is do an import, note what's changed, [and if terrible, undo], but if workable, I adjust things to conform to the new upload, as it will possibly have new FITIDs (uniqueness) and such.
If you move to MD+ (versus manual), there will be initially a bit of confusion, as the action steps are often different, especially for investments. (Div/Buy transactions versus DivReinvest, and so on - those you just massage toward the new way of doing it, or change the Sync Date so you have little/no overlap)
93 Posted by Tim on 08 Jan, 2025 07:27 PM
So, you're saying that after I Import my OFX file, there's an UNDO button or Option somewhere if I don't like the results? Where is that option ?
94 Posted by sth on 08 Jan, 2025 07:34 PM
cmd-Z or ctrl-Z for the winders folks.
Or edit->undo
95 Posted by Babo on 09 Jan, 2025 05:13 PM
Hello and thanks to all who have made lots of great suggestions and have phoned Vanguard directly. I want to add two things: First, although I was suspicious and worried about downloading and importing manually for my American Express account these past few months, I have to say it does work -- although with lots of extra keystrokes on my end. No fun! That experience emboldened me to do the same with Vanguard, where I have many separate accounts. It has been working, even with all the year-end transactions.
However, this is even less fun than dealing with Amex. So following the advice of others, I did contact Vanguard today by phone and had a long phone call with the representative. He added my situation to the three earlier documented Repair Ticket Numbers. I emphasized that this is no small thing, that it affects many clients (and owners as Vanguard is a mutually owned operation) and that many people, including myself, will think seriously about switching financial institutions. The rep got the message; whether management will, I am dubious. Thanks again to all working on this issue.
96 Posted by Manny on 09 Jan, 2025 06:30 PM
Thank you all for the comments.
I do have new transactions in the OFX file, but for some reason, they do not update the MD file. I tried to do the CVS, and there I got some changes, but only in the "Register" window where all transactions are shown. No update on the portfolio view. I can try updating the money market option manually.
As for undos, what I did was to manually delete the new transactions that I was able to see when using the CVS file for importing, and that took me back to my prior and last stable download.
Nonetheless, as others have mentioned, if we have to do this manually, I am not sure of the benefit of MD (understanding that it was Vanguard who has seemed to broke the protocol).
97 Posted by Tim on 09 Jan, 2025 06:36 PM
I finally received a response from Vanguard on my messages. They said :
"The third party software programs that Vanguard systems are currently designed to work with are Financial Engines, Turbotax, Quicken and Yodlee."
So they're saying that QUICKEN still "work" .. ??? Is that True? Can anyone confirm?
98 Posted by Tim on 09 Jan, 2025 07:19 PM
SO another follow-up question : Does MD utilize "PLAID" for the connection? Clearly they turned off "OFX Direct Connect". Any possibility moving to "Yodlee" ? Just some thoughts based on Vanguard's response above. If QUICKEN still functions, I just hate the idea of moving to a subscription service. This is why I moved to MD in the first place.
99 Posted by dwg on 09 Jan, 2025 08:33 PM
In discussions with the Developer some time ago Yodlee was raised.
It transpired that Yodlee's requirements cannot be met by a UK based company they would have to be US based or perhaps have a significant U.S presence, which would at the very least add to complexity and the company's costs.
100 Posted by he on 09 Jan, 2025 09:03 PM
@Tim, can confirm that Quicken does indeed work.
101 Posted by NewfD90 on 09 Jan, 2025 10:33 PM
I messaged with a "support specialist" today and was told that "...recent changes were made to our website's compatibility with different third party programs, ultimately due to security concerns around how their systems accessed data."
I am waiting for confirmation, but my reading of this is that they've shut off direct OFX downloads.
Gotta love how companies frame this as a "security issue". The security issue is their not wanting to be responsible for their client's secure access to their data and punt it to a third party. More secure for them, less secure for the client!
102 Posted by dwg on 09 Jan, 2025 10:38 PM
"Security" is a general excuse used in many cases. It is used time and time again to justify many things.
I don't think it is really more secure for them, and certainly not more secure for their customers by going through a third party, but less work and cheaper for them I could well believe.
103 Posted by dtd on 10 Jan, 2025 02:18 AM
@Manny, @Tim -
1. Yes, Plaid works with Vanguard, thus, MD+ can and does download Vanguard transactions in an automatic fashion, as does/did Direct Connect.
I have been downloading my Vanguard transactions with MD+ in a testing mode for months, and moved them to my live data last week. There are a couple of transition issues, but once those are handled, it's then straightforward... [Transition issues: initial duplicates given the FITID values are different (uniqueness checking); differences in the transactions, example: Div/Buy versus DivReinvest, and other minor changes.]
2. Quicken works because Quicken is now downloading Vanguard transactions through Intuit, an aggregator [and no, Intuit does not own Quicken anymore, I always get told that Intuit does own Quicken]. That's why Turbotax still works as well [Intuit DOES own Turbotax]
3. Vanguard's stated supported list basically is the new FDX standard that started the movement away from OFX direct connect about 2-3 years ago. Plaid is in that FDX list, though not mentioned by the Vanguard agent.
4. And yes the "security" issue is basically a crock that each bank uses as to "why they can't keep OFX direct connect as an automatic system".
Moneydance expected this gradual movement away from Direct Connect by creating MD+/Plaid 2-3 years ago. They also continue to look at other aggregators as time has passed. MD tried to join the FDX group as well, but were rebuffed for not having a U.S. presence, so could not be an aggregator themselves.
Hope that adds clarity.
104 Posted by dtd on 10 Jan, 2025 03:02 AM
@Babo, MD+ works with both Amex and Vanguard, so that might be an option for you.
There are many who don't want to use MD+, because it does involve trusting yet ANOTHER company to keep your money data secure.. So the security excuse used by banks is sad, because it really makes your data LESS secure, by getting another company involved with it.
Also, it's a money excuse, the banks save money - and these aggregators charge you to get YOUR data from them. That's why there is a charge for MD+, MD collects it, but the fee basically goes to Plaid.
Still, given I was losing USAA, Schwab, Chase, and more recently Amex and now Vanguard, I reluctantly am using MD+/Plaid now. Sometimes, unfortunately, convenience wins out over security/privacy. And of course most other financial packages want to see your data as well, or tell you how convenient it would be to store your data in the cloud! (not!)
105 Posted by Babo on 10 Jan, 2025 09:54 AM
@dtd Thanks for the suggestion. When MD+ first appeared, I gave it a brief try. For some reason, I had trouble making it work quite right for me so quickly threw in the towel. Now, however, as you suggest it may be my best option. Thanks again for taking the time to respond.
106 Posted by whitedavidp on 10 Jan, 2025 05:36 PM
I am still having this same issue on 1/10/25 @ 9:30am pacific.
I agree that more and more institutions are deciding that maintaining direct connect servers are a cost center, not a profit center. And in the true and steady course of our uber-capitalism, they may wish to stop supporting it.
But I would have guessed that were this the case now with Vanguard, they would simply shut down the server and have it just not respond to incoming requests at all. It seems that MD's attempt to connect is processed at least a bit. Obviously, I am not an expert.
In the past, I moved some of our Vanguard accounts to Fidelity - after confirming they supported direct connect - simply because Vanguard suddenly decided to charge for paper statements. I may be driven to move all of them as a result of loss of direct connect.
There is no way I am moving to any 3rd party. Best!
107 Posted by dtd on 10 Jan, 2025 06:54 PM
@whitedavidp - as a heads up toward the future, Fidelity indeed still supports direct connect. However if they stop direct connect, there is currently no way to get your data easily from them otherwise. i.e. they don't support manual OFX downloads, and the only 3rd party they support is Akoya (I know, this part isn't relevant to you).
Just fyi going forward - I have both Fidelity and Vanguard accounts, and am certainly glad Fidelity hasn't dropped direct connect (yet).
108 Posted by whitedavidp on 10 Jan, 2025 07:13 PM
Thanks. I did not know that Fidelity did NOT support manual download. I just checked and it seems all it can do is CSV. Rats!
109 Posted by Tim on 10 Jan, 2025 07:54 PM
@dtd - Thanks for all your comments & help with understanding this issue.
This is all very disappointing - and I let VANGUARD know how angry I was with this in the surveys that I was prompted to fill out. As I see it, these seem to be our only options:
- Stay with Vanguard & MD and do timely manual OFX downloads & merges.
- Switch to another Investment Co that supports OFX connections, with the possibility/probability they will abandon this feature in the future.
- Use MD for all non-investment activity (checking/savings) and just update those balances manually .. track investments stuff via a Spreadsheet.
- Switch back to QUICKEN and incur the outrageous cost of a Subscription (which brought me to MD in the first place).
- Seek out another Software product that doesn't require a Subscription but supports OFX.
Thanks to everyone involved in this. In the meantime, pressure needs to continue to be applied to VANGUARD, if you haven't done so yet.
110 Posted by jonh on 10 Jan, 2025 07:55 PM
On Jan 10, 2025, at 10:54, dtd <[email blocked]> wrote
@dtd: Thanks for this comment, I was mulling over a move from Van to Fid. You convinced me that it would likely be a waste.
I’ve had decent luck jumping through the qfx hoops for 6 accts using custom date range but it’s only been 2 weeks.
I’d prefer to avoid the jump to MD+ but it remains an option.
111 Posted by dtd on 10 Jan, 2025 09:22 PM
@tim - you've listed some options, the only one I find odd is the last one, as another product supporting OFX will have the exact same situation with Vanguard/others as Moneydance does.
So as not to hijack this Vanguard thread with software/purchase options, I'll just write what I have been doing:
Direct connect is dying a long drawn-out death. It really started in 2021 or so with FDX coming to fore (i.e. aggregators). I've lost USAA, Chase, Schwab, Amex, and probably Vanguard. That's way too many to download by hand. Moneydance reluctantly created MD+ (yes, an optional separate subscription purchase because they have to pay Plaid) to maintain automatic downloads for those banks leaving direct connect.
So, I opted to add MD+ for $40/year subscription.
You don't have to ever upgrade MD, but I want the latest (obviously given my participation level, right?) - and an upgrade is way less than $65, and restores the "good forever for two years bit" - so I only upgrade every two years.
You can do the math, and the Plaid price is high, but the sum of MD and MD+ is lower than Quicken in almost all cases. And of course, you can stick to manual downloads IF they are available, to save some money/privacy versus your time.
Yes, there are all the caveats about aggregator privacy/security, and so on, and I was reluctant to do the above, but for me, it works, especially for the number of banks I use to get downloads. And yes, it is convenience over privacy, sigh.
112 Posted by dtd on 10 Jan, 2025 09:32 PM
@jonh - I did exactly the same as you (download by hand) in 2021/2022 but sometime in 2023 it just got too much for me to do by hand and that was about when the non-direct connect bank accounts passed the ones still working with direct correct.
Made me curious, so I did a "current check", and - having already moved Vanguard to the non direct connect side, I now have three times as many "non" as I have "still direct connect". Sigh.
113 Posted by dtd on 10 Jan, 2025 09:39 PM
I think the MOST disappointing thing about this Vanguard situation is that NOT A SINGLE BANK that has dropped direct connect over the last 3 or so years has informed their customer that such was about to happen. Not a single time. Let's you know what priority the customer/client truly has with these banks, as opposed to THEIR bottom line.
114 Posted by buffo on 10 Jan, 2025 09:47 PM
Any advice for all the OFX users that might be switching to MD+ for Vanguard? Will securities match up properly and any transactions tweaking necessary?
I did a test on a new MD file and I did have to manually delete several "extra" transactions.
Thanks
115 Posted by dwg on 10 Jan, 2025 09:52 PM
Just to be a bit more accurate FDX is not really directly tied to being or using an aggregator. A big difference with FDX is that there is the use of tokens like there is with Open banking elsewhere so the username/password is not held by the party downloading the transaction they just hold a token that you authorize and can rescind.
Software like Moneydance could well take part in this, but as has been seen the financial houses really do not want anything to do with users directly downloading data, so moves to using FDX have been tied to moving to aggregators. It gives them the ability to say it is more secure because there is no password sharing but it is certainly not more private. Many of these aggregators use the data, and are upfront about it, for analysis and to sell the results.
116 Posted by jonh on 10 Jan, 2025 09:54 PM
@dtd: I don’t use Direct Connect for anything except securities. All credit card and bank or cash transactions are entered by hand every day (less than a handful of trans.). I do this to minimize my exposure to 3rd parties. I minimize my apps, preferring a browser for connectivity. Already there are massive data scraping of health care billing providers. I no longer answer my landline unless someone leaves a message. 4-6 calls per day are all hangup’s. This just started in mid-2024 (same time as data scraping got massive), I thought it was election related but it is still happening.
5 of my 6 Van accts are IRA related so there is no need to follow them carefully. With direct connect I usually did a download once a month and x-chk with my statements. I’m hoping .qfx works well enough that if I keep track of my prior download I won’t have dups.
The easy way to succeed with all this is to buy Win and mainstream apps (but too many are unsecure) and I refuse to go there. I struggled with IBM’s os/2 for 10 yrs, then linux, now Apple, all considered by industry to not be worth developing for. Now it seems Apple is starting to walk back their user privacy policy. MD itself seems secure enough and I started using it back in os/2 days because it was free & cross platform. I think it was v0.9x or something like that. But now I worry about breaches in java. Oh well.
117 Posted by dtd on 10 Jan, 2025 10:28 PM
@buffo - I gave a short bit on moving Vanguard to MD+ in msg 103. If you want me or others to elucidate on those points or provide tips, start a new thread on "Moving to MD+ from OFX" (most of what has to happen is the same for most banks) There are a couple of security matchup issues to work on...but mostly ok.
It isn't really hard, just there are some startup peculiarities, once done, it's "basically" like it was done with OFX, just not quite as good, and not as private as Moneydance tries to keep things.
118 Posted by david.d on 10 Jan, 2025 10:49 PM
Not to mention that transactions are delayed on Plaid, compared to when they are downloaded via OFX.
I reluctantly moved to MD+ back in 2022 when Discover abrubtly discontinued their OFX download. It works decently, but there was nothing wrong with OFX in the first place, only convenience. And companies are likely being paid by the aggregators, so they’ve turned a cost into a profit center. Late stage capitalism at its finest.
Jack Bogle is spinning in his grave.
— David
119 Posted by buffo on 10 Jan, 2025 10:51 PM
@dtd - Thanks for that reference to msg#103. When I'm ready to do the move to MD+ for Vanguard and encounter other issues, I will start a new discussion for others to follow.
120 Posted by sth on 11 Jan, 2025 03:04 PM
The financial institutions are making deals with the aggregators to shut out smaller operations like MD. It is not really more secure since Quicken will only share tokens with Intuit as an aggregator, yet the individual has to share login information with Quicken. So the FI doesn't have the login info, but the FI actually is the one that originally established the login/info so there is no security gain. The end user still has to have the login info to authorize the aggregator.
This is a scam by the FI and the aggregator to scrape more money from the individual and additionally acquire your financial data for their own gain.
One of the main advantages of MD is the data and its security being maintained on your own machine. Sean has emphasized that in every phase of the MD development. In choosing Plaid as the aggregator for MD+, his research showed it was the cheapest and most secure alternative. To me this focus on security is worth the cost and minimal two year upgrade cost. And it is less than those of the alternatives as well. Win-win!
Just because you have a few tranactions that you enter by hand does not protect you from the periodic check of downloading transactions to detect a fraudulent transaction that was not entered. Early detection can safe a lot of headache.