Connection to Technology Credit Union

Wed Dec 27 00:16:08 EST 2017

> On Dec 26, 2017, at 10:30 PM, Steve Kelem <steve at kelem.net> wrote:
> 
>   In the OFX DirectConnect User Setup, I have:
> 
>    AqBanking Setup:
> 
>      Users:
> 
>        Bank Settings:
> 
>   Bank Name: Technology Credit Union
>   Broker Id: <blank>
>   FID: 121181976
>   ORG: TECHCUDC
>   Server URL [1]https://m.techcu.com/ofxserver/ofxsrvr.dll
> 
>        Application Settings:
> 
>   Emulated Application: Intuit Quicken Windows 2013
>   Application ID: QWIN
>   Application Version: 2200
>   Header Version: 102
> 
>      Accounts:
> 
>   Account Number: <ddddd>S:0000 for share
>   Account Name: SHARE SAVINGS
>   IBAN: <blank>
>   Owner Name: <your name>
>   Currency: US Dollar (USD)
>   Account Type: Savings Account
>   Country: United States of America
>   Bank Code: 121181976
>   Bank Name: 121181976
>   SWIFT BIC: <blank>
>   Selected User: <filled in when you Retrieve Account List, under Bank
>   Settings>
> 
>   Steve
> 
>   Carmelo Pagán wrote on 12/05/2017 12:06 PM:
> 
> Hello All,
> 
> 
> 
> I was wondering if anyone has successfully setup OFX direct connect for this
> financial institution (Technology Credit Union)?
> 
> 
> 
> OS: Windows 10 64-bit
> 
> GnuCash version: 2.6.18
> 
> AqBanking version: v5.6.12.0 stable
> 
> 
> 
> 
> 
> This is what I am getting when setting up the user:
> 
> Settings/steps:
> 
> 1.       Click “Tools”->”Online Banking Setup”. Result: AqBanking Initial
> assistant is displayed
> 
> 2.       Click “Forward”. Result: “Start AqBanking Wizard” button displayed
> 
> 3.       Click ”Start AqBanking Wizard” button. Result: AqBanking Setup
> widow is displayed.
> 
> 4.       Click “Create User”. Result: New User Wizard dialog box displayed
> 
> 5.       Click “Next”. Result: Protocol choice dialog box displayed.
> 
> 6.       Click “OFX-DirectConnect backend” radial button.
> 
> 7.       Click “Next” Result: Message box displayed
> 
> 8.       Click “Run”. Result: Message: This dialog assists you….yada yada
> 
> 9.       Click “Next”. Result: OFX-DirectConnect Setup window displayed.
> 
> 10.   Click “Select”. Result: Select a Bank dialog box displayed
> 
> 11.   Type “Technology Credit Union” in “Bank Name” box. Click “Next”.
> 
> 12.   Select (Highlight) “Technology Credit Union (801). Click “Ok”. Result:
> Return to “OFX-DirectConnect Setup” window with <FID> <ORG> and <Server URL>
> fields filled in
> 
> 13.   Click “Next”. Result: dialog box asking for User name info.
> 
> 14.   Typed “(My_Name)” in “User Name” field.
> 
> 15.   Typed  “(my_login_user_Id)” in “user Id field. Left “Client UID” field
> blank. Clicked “Next” Result: Application Emulation dialog box displayed
> with <Application ID>=QWIN, <Application Version:=2200, and <Header
> Version>=102 (also tried with header version 103).
> 
> 16.   Click “Next”, then “Next” again. Resulting log messages:
> 
> 14:00:11 Retrieving SSL certificate
> 
> 14:00:11 Connecting to server...
> 
> 14:00:11 Using GnuTLS default ciphers.
> 
> 14:00:11 TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-CBC:SHA1
> 
> 14:00:11 Signer not found
> 
> 14:00:11 Certificate is not trusted
> 
> 14:00:14 Connected.
> 
> 14:00:14 Disconnected.
> 
> 14:00:14 Connection ok, certificate probably received
> 
> 14:00:14 Operation finished, you can now close this window.
> 
> 14:05:50 Sending request
> 
> 17.   Close Box
> 
> 18.   Click “Next”. Result:
> 
> 14:48:12 Sending request...
> 
> 14:48:12 Using GnuTLS default ciphers.
> 
> 14:48:12 TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-CBC:SHA1
> 
> 14:48:12 Signer not found
> 
> 14:48:12 Certificate is not trusted
> 
> 14:48:12 Waiting for response...
> 
> 14:48:12 Error on gnutls_bye: -24 (Decryption has failed.)
> 
> 14:48:12 Parsing response...
> 
> 14:48:12 Parsing response
> 
> 14:48:12 Status for signon request: Signon invalid (Code 15500, severity
> "ERROR")
> 
> The user cannot signon because he or she entered an invalid user ID or
> password.
> 
> 14:48:12 Status for account info request: Signon invalid (Code 15500,
> severity "ERROR")
> 
> The user cannot signon because he or she entered an invalid user ID or
> password.
> 
> 14:48:12 Operation finished, you can now close this window.
> 
> 
> 
> 19.   Click “Finish”
> 
> 20.   Click “Accounts” tab.
> 
> 21.   Click “Create Account”. Result: Dialog box asking to confirm backend
> 
> 22.   Click “Ok” Result: “Edit Account” dialog  box
> 
> 23.   Under Account Info section, Entered <Account Number>, <Account Name>,
> <Owner Name>=(My name).
> 
> 24.   Selected “USD” for <Currency>
> 
> 25.   Under Bank Info section, selected  “United States of America (US)”
> under <Country>
> 
> 26.   Entered (ABA Transit Number) Under <Bank Code>
> 
> 27.   Entered “Technology Credit Union” under <Bank Name>
> 
> 28.   Selected previously setup user under <Selected Users>
> 
> 29.   Clicked “Ok”
> 
> 30.   Repeated steps 23 thru 31 to enter Savings account. Result: return to
> “AqBanking Setup” box
> 
> 31.   Clicked “Close”. Result return to “AqBanking Initial Assistant”
> 
> 32.   Clicked “Close”. Result: “Match Online accounts with GnuCach accounts
> 
> 33.   Double clicked first account listed. Result: “Select account” window
> displayed.
> 
> 34.   Selected previously created GnuCash Checking account. Clicked
> “Forward”
> 
> 35.    Repeated steps 34 and 35 for GnuCash savings account. Clicked
> “Forward”
> 
> 36.   Clicked “Apply”
> 
> 37.   Clicked GnuCash Checking account tab
> 
> 38.   Clicked “Actions”-->”Onliine Actions”-->”Get Transactions”. Result:
> Selection box for date range displayed
> 
> 39.   Select/Enter Date range. Press “Ok”. Result: “Enter Password” box
> displayed.
> 
> 40.   Entered password. Clicked “Ok”. Result:
> 
> AqBanking v5.6.12.0stable
> 
> Sending jobs to the bank(s)
> 
> Locking user pagan8858
> 
> Sending request...
> 
> Connecting to server...
> 
> Resolving hostname "m.techcu.com" ...
> 
> IP address is "66.126.188.93"
> 
> Connecting to "m.techcu.com"
> 
> Connected to "m.techcu.com"
> 
> Using GnuTLS default ciphers.
> 
> TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-CBC:SHA1
> 
> Signer not found
> 
> Certificate is not trusted
> 
> Connected.
> 
> Sending message...
> 
> Message sent.
> 
> Waiting for response...
> 
> Receiving response...
> 
> HTTP-Status: 200 (OK)
> 
> Response received.
> 
> Disconnecting from server...
> 
> Disconnected.
> 
> Parsing response...
> 
> Parsing response
> 
> Status for signon request: Signon invalid (Code 15500, severity "ERROR")
> 
> The user cannot signon because he or she entered an invalid user ID or
> password.
> 
> Status for transaction statement request: Signon invalid (Code 15500,
> severity "ERROR")
> 
> The user cannot signon because he or she entered an invalid user ID or
> password.
> 
> Unlocking user pagan8858
> 
> Postprocessing jobs
> 
> Job Get Balance: finished
> 
> Resetting provider queues
> 
> 
> 
> It would seem that TechCU is not accepting the login. I have the header set
> to 103 in order to accept Multi-Factor-Authentication from the Server.  I
> suspect it’s TechCu needing to “Flip a Switch” on their side.  Sent email to
> bank. No response yet.  Any thoughts?? Any/all helpful comments welcome.
> 
> 
> 
> Thanks,
> 
> Carmelo Pagan
> 
> Sr. SQA Engineer (retired)
> 

I don’t have an account with the referenced credit union, so I can’t test any of these guesses, but…

There’s a pretty good chance that if you want the bank to handle multifactor identification, then you’ll have to set the Application Version to something higher than 2200. 2500 works for me with Chase credit cards, so it is at least new enough for now. There is even a chance that 2200 is too old for any Quicken server software at banks, as Quicken revokes access to online connections after a certain age (nominally 3 years, but sometimes it runs until after tax season of the next year). If that time frame is correct, Quicken 2013 will already be deemed too old to use by the credit union’s copy of Quicken server software.

Also, if you do need Header version 103, then you’ll need to enter a ClientUID in the Aqbanking setup dialogs for the credit union. I think it is in the same page as the Application Version.

And if you do need multifactor authentication, then you’ll have to find out how the credit union handles validation of the ClientUID you do enter. The good news is that each copy of Quicken has an inaccessible ClientUID assigned to it, so banks have to have some way to decide whether or not to accept the UID outside the normal DirectConnect session stream. Since ‘no one’ can control what that ID is in the Quicken world, aqbanking’s approach to sending the information does work (once you find out how to authenticate with the credit union).

--
Dave Reiser
dbreiser at icloud.com