What does it mean when the SSL validation is failing, yet the OFX validation is passing?  See Fidelity Investments validation history recently for an example:

http://www.ofxhome.com/index.php/instit … istory/449

Starting 3 days ago Schwab's OFX server is suddenly returning Access Denied.  OFX verification has been failing since Oct 16:

http://www.ofxhome.com/index.php/instit … istory/979

Is anyone able to access this OFX server somehow?  Quicken is still able to access the server.  I suspect Schwab is blocking IP addresses, except for Quicken's servers.

Just to follow up on my initial post, Fidelity has just now started working again...

Hi jeanl,

Thanks for the reply.  I believe Quicken uses the same OFX server, and you can verify this in the Quicken OFX log files.  It shows what URL they are accessing.  I'm guessing that Fidelity is using something very specific, like the User-Agent header or something to deny everyone else except Quicken.  For reference, this is from a Quicken OFX Log:

<!-- ***** SEND to https://ofx.fidelity.com/ftgw/OFX/clients/download at 10:52:33 on 20200612 ***** -->

<!--
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

-->
<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20200612105233.123[-7:MST]
<USERID>johndoe100
<USERPASS>X<GENUSERKEY>N
<LANGUAGE>ENG
<FI>
<ORG>fidelity.com
<FID>7776
</FI>
<APPID>QWIN 
<APPVER>2700
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>66EEDD10-7D9E-1000-4511-E6D8976E9987
<ACCTINFORQ>
<DTACCTUP>19900101
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

I'm seeing this same problem as of today.  I posted about it here.  Is anyone else having this issue?

Thanks.

Fidelity Investments suddenly seems to have stopped working, giving an Access Denied error message.  Interestingly, Quicken is still working.  Any ideas?  Here is a sample request:

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20200612170106.189
<USERID>jsad
<USERPASS>[myuserpass]
<LANGUAGE>ENG
<FI>
<ORG>fidelity.com
<FID>7776
</FI>
<APPID>QWIN
<APPVER>2600
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>32249-FM7-20200612170106.189-189
<ACCTINFORQ>
<DTACCTUP>19700101000000
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

and the response is:

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;ofx&#46;fidelity&#46;com&#47;ftgw&#47;OFX&#47;clients&#47;download" on this server.<P>
Reference&#32;&#35;18&#46;1c003417&#46;1591981265&#46;9443b39
</BODY>
</HTML>

This looks very similar to a prior problem posted in this forum with the subject "Fidelity stopped working after using Quicken?" (I couldn't link it because of a link limit).  It also looks like the OFX validation just started failing today, as seen in validation history for Fidelity Investments.

7

(6 replies, posted in Bugs/Troubleshooting)

Hi Jesse,

Excellent site, I'm glad I found it.  It looks like the validation script isn't running again?  For example:

http://www.ofxhome.com/index.php/institution/view/500

Does not look like it has been validated since 2009...

Also, what is being validated?  Are you just testing that you can connect to the server?

Thanks.

8

(1 replies, posted in General)

I am curious when/how the different servers are getting validated?  I see the validation history, but some of them haven't been validated in a while.  Is this something done by ofxhome, or provided by users, or how is the validation done?  Thanks.