Trouble with OFX and my bank, Kinecta Federal Credit Union

Mon Feb 1 21:32:35 EST 2016

Hmm. If you want to grasp at straws:
  Launch Gnucash with the logging option you used earlier
  Update the Application Version to 2500 (might as well make it the most recent)
  Change the Header Version in the same dialog from “102” to “103”
  Back on the User Settings tab in the same dialog, paste a UUID into the Client UID box

To get a UUID, go to the Terminal.app and type

uuidgen

copy the output, paste it into an editor and strip out the hyphens. Paste the remaining characters into  the Client UID entry.

Now try a connection.

The only reason this setup would work would be that Kinecta has flipped the switch in Intuit’s server software to require multifactor authentication. Quicken totally hides the Client UID from users. So Kinecta wouldn’t have mentioned it any time, because it isn’t on their scripts. However, the bank does need to do something to verify that the Client UID that some version of Quicken sent them does in fact belong to your copy of Quicken instead of someone else’s. When Chase flipped the switch in November, there was a note in the ofx.log saying something like “go check your secure email at Chase.com <http://chase.com/>”. Then there was another hoop to jump through after logging into the web site.

There is also the possibility that you’ve tripped some maximum number of login attempts without succeeding. Even if multifactor authentication was the cause, you may have to find some way to have the bank reset your access. 

Dave
--
Dave Reiser
dbreiser at icloud.com

> On Feb 1, 2016, at 8:18 PM, Bill De La Vega <billdlv81 at gmail.com> wrote:
> 
> It is set at 2200. Intuit 2013.
> 
> Thanks,
> Bill
> 
> 
> On Mon, Feb 1, 2016 at 4:53 PM, David Reiser <dbreiser at icloud.com <mailto:dbreiser at icloud.com>> wrote:
> Nothing obvious there. What are you using for the Application Version? (Aqbanking setup, Edit User, Application Settings tab). Anything less than 2200 is probably locked out of directconnect activity under Intuit’s forced obsolescence plan.
> 
> Dave
> --
> Dave Reiser
> dbreiser at icloud.com <mailto:dbreiser at icloud.com>
> 
> 
> 
> 
> 
> > On Jan 25, 2016, at 8:42 PM, Bill De La Vega <billdlv81 at gmail.com <mailto:billdlv81 at gmail.com>> wrote:
> >
> > Hello I am using version 2.6.11  rev f67faa2+ on my Mac (10.10.5).  I am
> > getting the following error when I try and setup accounts for OFX.
> >
> > When I setup a new user, I go through the process and the first connection
> > looks like this.
> >
> > 17:37:15 Retrieving SSL certificate
> > 17:37:15 Connecting to server...
> > 17:37:15 Using old SSL preparation code.
> > 17:37:16 TLS: SSL-Ciphers negotiated: TLS1.2:RSA-AES-128-CBC:SHA256
> > 17:37:16 TLS: Warning - The server has chosen unsafe SSL-Ciphers!
> > 17:37:16 Connected.
> > 17:38:17 Disconnected.
> > 17:38:17 Connection ok, certificate probably received
> > 17:38:17 Operation finished, you can now close this window.
> >
> > For the next step, when I try and retrieve the accounts list, I get the
> > following.
> >
> > 17:39:12 Sending request...
> > 17:39:12 Using old SSL preparation code.
> > 17:39:13 TLS: SSL-Ciphers negotiated: TLS1.2:RSA-AES-128-CBC:SHA256
> > 17:39:13 TLS: Warning - The server has chosen unsafe SSL-Ciphers!
> > 17:39:13 Waiting for response...
> > 17:39:13 Parsing response...
> > 17:39:13 Parsing response
> > 17:39:13 Status for signon request: Signon invalid (Code 15500, severity
> > "ERROR")
> > The user cannot signon because he or she entered an invalid user ID or
> > password.
> > 17:39:13 Status for account info request: Signon invalid (Code 15500,
> > severity "ERROR")
> > The user cannot signon because he or she entered an invalid user ID or
> > password.
> > 17:39:13 Operation finished, you can now close this window.
> >
> > I have tried using my pin instead of my password, I get the same result.  I
> > have confirmed that I can access my account using the same credentials via
> > the bank's website.
> >
> > When I contacted the bank, they said they don't support gnu cash (no
> > surprise there).  From what I have read so far online, several people claim
> > to be able to access this bank.  If I try and add an account manually, I
> > get the same type of error.
> >
> > Thanks,
> > Bill
> > _______________________________________________
> > gnucash-user mailing list
> > gnucash-user at gnucash.org <mailto:gnucash-user at gnucash.org>
> > https://lists.gnucash.org/mailman/listinfo/gnucash-user <https://lists.gnucash.org/mailman/listinfo/gnucash-user>
> > -----
> > Please remember to CC this list on all your replies.
> > You can do this by using Reply-To-List or Reply-All.
> 
> 