Bug 315760 - Unable to map to and online accounts at Capital One Bank
Summary: Unable to map to and online accounts at Capital One Bank
Status: RESOLVED FIXED
Alias: None
Product: kmymoney
Classification: Applications
Component: general (show other bugs)
Version: 4.6.3
Platform: Fedora RPMs Linux
: NOR normal
Target Milestone: ---
Assignee: KMyMoney Devel Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-25 17:54 UTC by KnowUNIX
Modified: 2014-08-01 07:01 UTC (History)
6 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description KnowUNIX 2013-02-25 17:54:50 UTC
The excellent KMyMoney program began giving me an error msg when I tried to update the account.  It has been working very well for me for the past several years through the aqhbanking backend.

Here is the error msg:  

ERROR #2000 General error: "Error other than those specified by the remaining error codes. (Note: Servers should provide a more specific error whenever possible. Error code 2000 should be reserved for cases in which a more specific code is not available.)"
Server message: This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4,

I called them several times and spoke to numerous people.  The last one told me that security enhancements around the number of auth devices were made to the supported Quicken software package and the servers to enhance security.  Since I was using un-supported software, I could only hope that it worked after removing and re-adding my online account . . . for which I did and even tried the slick, new built-in and still no light at the end of the tunnel.

It would save a lot of work to get this working again!

Reproducible: Always

Steps to Reproduce:
1.Account  =>  Map to online account
2.KMyMoney OFX
4. Select Capital One Bank  => Next
3. Enter User Name, Password, Quicken 2011 and either version => Next
Actual Results:  
ERROR #2000 General error: "Error other than those specified by the remaining error codes. (Note: Servers should provide a more specific error whenever possible. Error code 2000 should be reserved for cases in which a more specific code is not available.)"
Server message: This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4,

Expected Results:  
I expected the program to download my data

I'll never switch back to Windows or Quicken, so I'm rooting for a quick fix or I'll need to start typing my data in!  Thanks for a great program and your time!
Comment 1 Jack 2013-02-25 18:56:43 UTC
I know nothing about aqbanking, but if (as I suspect) the actual connection is really made by libofx, if you create an empty file in your home directory named ofxlog.txt.  Then, the next time you try to connect, you will get a more detailed log of the connection in that file.  That might give a hint, or you can post it here, after making sure to remove data such as account number or any password.

Most OFX server software is (in my opinion) notoriously bad about providing useful error messages.  In this case, it could be the version of Quicken it doesn't like, but without a more detailed message or log, we can't be sure.
Comment 2 KnowUNIX 2013-02-26 13:39:57 UTC
Here is the content of the file:

---[snip]
url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100^M
DATA:OFXSGML^M
VERSION:103^M
SECURITY:NONE^M
ENCODING:USASCII^M
CHARSET:1252^M
COMPRESSION:NONE^M
OLDFILEUID:NONE^M
NEWFILEUID:20130226082306.000^M
^M
<OFX>^M
<SIGNONMSGSRQV1>^M
<SONRQ>^M
<DTCLIENT>20130226082306.000^M
<USERID>[private]^M
<USERPASS>[private]^M
<LANGUAGE>ENG^M
<FI>^M
<ORG>Hibernia^M
<FID>1001^M
</FI>^M
<APPID>QWIN^M
<APPVER>2000^M
</SONRQ>^M
</SIGNONMSGSRQV1>^M
<SIGNUPMSGSRQV1>^M
<ACCTINFOTRNRQ>^M
<TRNUID>20130226082306.000^M
<CLTCOOKIE>1^M
<ACCTINFORQ>^M
<DTACCTUP>19691231^M
</ACCTINFORQ>^M
</ACCTINFOTRNRQ>^M
</SIGNUPMSGSRQV1>^M
</OFX>^M

response:
---[snip]

It seems I am no longer getting the Error 2000 message.  I'm guessing that maybe they blocked my IP considering all my failed attempts as a security threat . . . [sigh]
Comment 3 Jack 2013-02-26 14:11:57 UTC
What was after the "response:"  and "---" lines?  If there was NO response at all, that seems like a communications problem, not an OFX problem.  KMM would have said something about a timeout.  Did you get ANY error message?
Comment 4 KnowUNIX 2013-02-26 15:25:38 UTC
In response to your question; the transaction times out and displays there are no accounts.

I played around some more and was able to get a response.  Here is the complete text from the file:

url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130226101553.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130226101553.000
<USERID>[private]
<USERPASS>[private]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>1700
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130226101553.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130226101553

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>
<DTSERVER>20130226151555.159[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>20130226101553.000
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Completed
Comment 5 KnowUNIX 2013-02-26 15:30:41 UTC
Are there any other logs that might help us?
Comment 6 Thomas Baumgart 2013-02-26 15:40:00 UTC
Looking at your logs, you selected "Quicken Windows 2008" as application (<APPID>QWIN, <APPVER>1700) but your bank states on http://www.capitalone.com/online-banking/faq/ under "Which versions of Quicken and QuickBooks software do you support?" that they support Quicken Windows 2011, 2012 and 2013.

Please select Quicken Windows 2011 inside KMyMoney when mapping the account. You should see <APPID>QWIN, <APPVER>2000 in your logs then.

Does that make a difference?
Comment 7 KnowUNIX 2013-02-26 18:33:47 UTC
The tech support mentioned that so I have tried a few different settings yesterday.  

Today I am only trying your suggestions so I don't make this harder to figure out . . . 

I changed the version to quicken 2011, emptied the contents of the debug file and here they are:

url: https://onlinebanking.capitalone.com/scripts/serverext.dll
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130226132738.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130226132738.000
<USERID>[private]
<USERPASS>[private]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>2000
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130226132738.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
 the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
 and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Completed
Comment 8 Jack 2013-02-26 19:02:30 UTC
That response looks like you are using the wrong URL.  That response comes from a web server, and not an OFX server.  Did you change the URL by accident when changing one of the other parameters?
Comment 9 KnowUNIX 2013-02-26 19:43:33 UTC
Nope, the program puts that URL in there.
Comment 10 KnowUNIX 2013-02-26 22:53:01 UTC
Here is some more info about the changes:

Hi Craig (and everyone),

The errors that many of you are seeing is due to a new security constraint that Capital One Bank has applied to their online banking service. By default, they require customers to call them and "authorize" direct online banking services for their accounts. This may be required, even if you have already used online banking to connect to Capital One Bank.

In addition to requiring re-authorization, they are limiting the number of "devices" that are allowed to connect to your account. In this case "devices" means data files. If you only have one computer, but have three data files (whether in Quicken, Moneydance or some other app), that counts as three devices as far as their servers are concerned. If you have more than their allocated number of "devices" then you'll get an error message saying something along the lines of "Device not authorized".

To resolve this error, you can call Capital One Bank and explain that you seem to have hit the limit of the number of clients or devices that can connect to your account. They should be able to increase the number of "devices" that can connect to your account and you should then be all set.

So, I have called them and also set the number of devices to "1", maybe I should try "2" or "3" . . .
Comment 11 Jack 2013-02-27 00:04:19 UTC
Just because the program chooses the URL for OFX connection does not mean it is correct.  Banks sometimes change them when they update their OFX server software.  It's been a long time since I updated one of my OFX connections, but as I remember, you have a choice of accepting the default (which I believe KMM gets from somewhere else - I don't think the OFX developers actually maintain this list themselves) or or providing the informatoin manually.  I would start by checking http://www.ofxhome.com or see if the bank itself provides a URL in their setup information.

Note the reason I say this is that just looking at the response posted in Comment 7 it is clearly HTML where I would expect a valid OFX response (even if it were an error response) to be XML.

How all of this interacts with the bank's new requirement to explicitly re-authorize the service is a wild guess at this point, but cretainly doesn't make troubleshooting any easier.
Comment 12 Thomas Baumgart 2013-02-27 06:33:07 UTC
That 'somewhere' where KMM gets the OFX parameters is http://www.ofxhome.com, but please keep in mind that this information might also be outdated, though Jesse has a mechanism to validate the data periodically.
Comment 13 KnowUNIX 2013-02-28 13:45:10 UTC
This comment has been expunged by KDE Sysadmin per the request of the comment author.
Comment 14 KnowUNIX 2013-02-28 13:56:32 UTC
Please remove my last comment, I left personal information in the file.  I tried to delete my post but that did not work.
Comment 15 KnowUNIX 2013-02-28 14:22:21 UTC
After changing my user name & password, then correcting the Bank Institution, here are my ofx log file contents:

url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130228091726.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130228091726.000
<USERID>[private]
<USERPASS>[private]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>2000
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130228091726.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130228091726

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>
<DTSERVER>20130228141727.754[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>20130228091726.000
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Completed
Comment 16 Thomas Baumgart 2013-02-28 17:55:54 UTC
According to https://microsoftmoneyoffline.wordpress.com/appid-appver/ the combination QWIN:2000 does not even exist. This could cause the problems as well. KMyMoney does not have a method to let the user modify APPID and APPVER via the GUI but in case you feel adventurous I can tell you how to tweak the settings in your .kmy file. Just let me know if you want to proceed that route for a test.
Comment 17 KnowUNIX 2013-02-28 18:49:47 UTC
Sure; I can tweak a file or two . . . any luck getting that private info edited or deleted?  I did change my info online, but it sure makes me look like a moron . . . [sigh]
Comment 18 Thomas Baumgart 2013-02-28 20:32:53 UTC
Quit KMyMoney and make a copy of your data file. That's a good idea anyway.

Open your KMyMoney in an editor (it is compressed, please read http://kmymoney2.sourceforge.net/kde4/online-manual/details.formats.compressed.html how to uncompress). Search for the string "appId" (without the quote characters) in the correct location (referencing the account in question) and replace the value following it with a combination found on https://microsoftmoneyoffline.wordpress.com/appid-appver/   Save the file and open it with KMyMoney. There's no need to compress it before loading it: KMyMoney can handle the uncompressed file.

No info from the sysadmins yet.
Comment 19 KnowUNIX 2013-02-28 21:34:11 UTC
After uncompressing the file I did find some account info but nothing like AppID or AppVER in the file.  I did a few searches to make sure I wasn't missing them . . . 

[stephen@ThriceDarkness Account Managment]$ grep -i qwin *
[stephen@ThriceDarkness Account Managment]$ grep -i qmofx *
[stephen@ThriceDarkness Account Managment]$ grep -i 1500 *
[stephen@ThriceDarkness Account Managment]$ grep -i 1600 *
[stephen@ThriceDarkness Account Managment]$ grep -i 1700 *
[stephen@ThriceDarkness Account Managment]$ grep -i 1800 *
[stephen@ThriceDarkness Account Managment]$ grep -i 1900 *
[stephen@ThriceDarkness Account Managment]$ grep -i 2000 *
[stephen@ThriceDarkness Account Managment]$ grep -i 2100 *
[stephen@ThriceDarkness Account Managment]$ grep -i 2200 *
[stephen@ThriceDarkness Account Managment]$ grep -i qbw *
[stephen@ThriceDarkness Account Managment]$ grep -i AppID *
[stephen@ThriceDarkness Account Managment]$ grep -i AppVER *

There was a few random hits on the numbers, but it was not what we were looking for.

Here is the account section for my Capital One Bank:

<INSTITUTION manager="" id="I000003" name="CapitalOne Bank" sortcode="255071981">
   <ADDRESS street="6790 Richmond Highway" telephone="(703) 660-7171" zip="22306" city="Alexandria"/>
   <ACCOUNTIDS>
    <ACCOUNTID id="A000002"/>
    <ACCOUNTID id="A000003"/>
    <ACCOUNTID id="A000089"/>
   </ACCOUNTIDS>
   <KEYVALUEPAIRS>
    <PAIR key="bic" value=""/>
   </KEYVALUEPAIRS>
  </INSTITUTION>
Comment 20 Thomas Baumgart 2013-02-28 21:39:31 UTC
That is the institution section but not the account section. You have three accounts there. Look for

ACCOUNT id="A000002"

which identifies the account section. It should contain an <ONLINEBANKING> tag which somewhere has the appid. They only show up if the account is mapped.
Comment 21 KnowUNIX 2013-02-28 22:19:43 UTC
I made two more attempts to map the account to an online account but was unable to do so.  Here is the data from the ofx log:

url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130228170710.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130228170710.000
<USERID>[private]
<USERPASS>[wrong pw]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>2000
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130228170710.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130228170710

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>15500
<SEVERITY>ERROR
<MESSAGE>The user cannot signon because he or she entered an invalid user ID or password.
</STATUS>
<DTSERVER>20130228220712.347[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>20130228170710.000
<STATUS>
<CODE>15500
<SEVERITY>ERROR
<MESSAGE>The user cannot signon because he or she entered an invalid user ID or password.
</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Completed


{{ 2nd attempt }}


url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130228170851.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130228170851.000
<USERID>[private]
<USERPASS>[private]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>2000
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130228170851.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130228170851

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>
<DTSERVER>20130228220853.058[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>20130228170851.000
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Completed
Comment 22 Thomas Baumgart 2013-03-01 09:14:01 UTC
Ah, I forgot that this information is only available once the account is mapped. Looks like there is no really quick solution w/o compiling (the master branch) from source. I checked in some changes yesterday which allow to select newer appid/appver combinations. But those are not available as packaged versions. Also, I don't want to backport them to the stable branch w/o some confirmation that they help users.
Comment 23 KnowUNIX 2013-03-01 16:05:10 UTC
I've successfully compiled and installed packages before.  I bet I could do it with a little guidance from you, if you're up for it?
Comment 24 KnowUNIX 2013-03-01 16:17:52 UTC
I was able to test a combination from the list of valid combinations.    QWIN/1900 for Quicken for Windows 2011.

Here is my ofx debug log:

url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130301110843.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130301110843.000
<USERID>[private]
<USERPASS>[private]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>1900
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130301110843.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130301110843

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>
<DTSERVER>20130301160847.255[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>20130301110843.000
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>This software isn't supported by Capital One Online Banking. For more information, please visit www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Completed
Comment 25 allan 2013-03-01 16:59:15 UTC
On Fri, 01 Mar 2013 16:17:52 +0000
KnowUNIX <Stephen_Hatfield@ComCast.net> wrote:

> https://bugs.kde.org/show_bug.cgi?id=315760
> 
> --- Comment #24 from KnowUNIX <Stephen_Hatfield@ComCast.net> ---
> I was able to test a combination from the list of valid
> combinations. QWIN/1900 for Quicken for Windows 2011.
> 
> Here is my ofx debug log:
> 
> url: https://onlinebanking.capitalone.com/ofx/process.ofx
> request:
> OFXHEADER:100
> DATA:OFXSGML
> VERSION:102
> SECURITY:NONE
> ENCODING:USASCII
> CHARSET:1252
> COMPRESSION:NONE
> OLDFILEUID:NONE
> NEWFILEUID:20130301110843.000
> 
> <OFX>
> <SIGNONMSGSRQV1>
> <SONRQ>
> <DTCLIENT>20130301110843.000
> <USERID>[private]
> <USERPASS>[private]
> <LANGUAGE>ENG
> <FI>
> <ORG>Hibernia
> <FID>1001
> </FI>
> <APPID>QWIN
> <APPVER>1900
> </SONRQ>
> </SIGNONMSGSRQV1>
> <SIGNUPMSGSRQV1>
> <ACCTINFOTRNRQ>
> <TRNUID>20130301110843.000
> <CLTCOOKIE>1
> <ACCTINFORQ>
> <DTACCTUP>19691231
> </ACCTINFORQ>
> </ACCTINFOTRNRQ>
> </SIGNUPMSGSRQV1>
> </OFX>
> 
> response:
> OFXHEADER:100
> DATA:OFXSGML
> VERSION:102
> SECURITY:NONE
> ENCODING:USASCII
> CHARSET:1252
> COMPRESSION:NONE
> OLDFILEUID:NONE
> NEWFILEUID:20130301110843
> 
> <OFX>
> <SIGNONMSGSRSV1><SONRS>
> <STATUS>
> <CODE>2000
> <SEVERITY>ERROR
> <MESSAGE>This software isn't supported by Capital One Online Banking.
> For more information, please visit
> www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764,
> option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
> </STATUS> <DTSERVER>20130301160847.255[0:GMT]
> <LANGUAGE>ENG
> <FI>
> <ORG>Hibernia
> <FID>1001
> </FI>
> </SONRS>
> </SIGNONMSGSRSV1>
> <SIGNUPMSGSRSV1>
> <ACCTINFOTRNRS>
> <TRNUID>20130301110843.000
> <STATUS>
> <CODE>2000
> <SEVERITY>ERROR
> <MESSAGE>This software isn't supported by Capital One Online Banking.
> For more information, please visit
> www.capitalone.com/online-banking/faq/ or call us at 1-877-442-3764,
> option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
> </STATUS>
> 
> <CLTCOOKIE>1
> 
> </ACCTINFOTRNRS>
> </SIGNUPMSGSRSV1>
> </OFX>
> Completed
> 

Would it be worthwhile contacting your bank to tell them that you are
now using a valid version, and requesting that they re-authorize you?

Allan
Comment 26 KnowUNIX 2013-03-01 18:04:30 UTC
I have been speaking with Capital One and had them reset me a few times and watch while I make my attempts with no success.  They also walked me through the setup using Hebrnia, 1001, and the URL list above.  They both hinted at recent changes in the 2012 version of Quicken/Quickbooks for security but did not know the details.  They have had an influx of calls due to recent the recent Quicken<=>Server updates . . .
Comment 27 allan 2013-03-01 21:17:18 UTC
Well, at least you have been able to map the account, perhaps you'll now be able to edit the version id?

You could just try a search for 1900 and if that's in the <ONLINEBANKING> entry, try editing to 2100.

Failing that, it looks like the compile route.  I understand that since a recent change, it's possible to compile the latest git version, but as to how, others will need to advise.
Comment 28 KnowUNIX 2013-03-01 23:22:22 UTC
Allan, The mapping to the online account had to be cancelled because of the error and it does not complete successfully.  I'm not sure I will compile till next week; son is home for the weekend . . .
Comment 29 utwes 2013-03-15 04:35:31 UTC
I can get you to the next error message at least (for me).  

Change your Header Version from 102 to 103.  After I did that, I started getting this message:

ERROR #2000 - Server message: Oops, this device isn't authorized for use with your Capital One account.  To authorize it, call Capital One Online Banking Customer Service at blah, blah, blah (phone and hours)...

If I change the Header Version back to 102, I get the "...software isn't supported..." message.

FWIW, I have also spent a few phone calls with Capital One tech support working through this issue.  I'm not sure if I believe them, but they say they can't see an attempted connect on their side (not sure if front-line tech support would have that info), but I am activated, and I'm not "using" any of the 5 devices I'm eligible to use on their side.
Comment 30 utwes 2013-03-15 05:24:32 UTC
For more information, I've included my ofxlog as well.  I tried APPVER of 2000 (Quicken 2011 in KMM), 1900 (per the blog), and 2100 by manually updating the XML, and can see through the log it passes through, but I get the same behavior.

You can also see the VERSION tag below of 103 vs KnowUNIX's 102.  To clarify my previous comment, you can change that (assuming not in the XML) on the same screen/tab you change the software version.  Otherwise, it will be in a similar place to where you change the APPVER in the XML.

I also didn't mention in the previous post how much I appreciate all the KMM developers for creating such an excellent piece of software.  In fact, the (newer) CSV import feature had me less stressed out about the Capital One outage because it works so cleanly.  While I'm not trying to hijack this thread, for full disclosure, I'm on KMM 4.6.2 (Kubuntu) as I'm dependent on Clay's deb's (not as comfortable with compiling the code - thank you, too, Clay).  

Further debug information - my ofxlog output may look a bit different because I was able to keep my kmy file with the (previous) working connection info.  However, I have tried unmapping this account and remapping (using Quicken 2010, which shows QWIN:1900 and Quicken 2011, which shows QWIN:2000 in the log).  I've also even created a new kmy file from scratch and just tried adding this account - no dice.

If anyone does have Capital One working, I'd love to see the ofxlog output, and I'd also love to hear how KNOWUnix's update from 102 to 103 goes.

[ofxlog.txt output]

url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130315000109.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130315000109.000
<USERID>[un]
<USERPASS>[pw]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>2100
</SONRQ>
</SIGNONMSGSRQV1>
<BANKMSGSRQV1>
<STMTTRNRQ>
<TRNUID>20130315000109.000
<CLTCOOKIE>1
<STMTRQ>
<BANKACCTFROM>
<BANKID>[route]
<ACCTID>[acct]
<ACCTTYPE>CHECKING
</BANKACCTFROM>
<INCTRAN>
<DTSTART>20130114
<INCLUDE>Y
</INCTRAN>
</STMTRQ>
</STMTTRNRQ>
</BANKMSGSRQV1>
</OFX>
response:
OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130315000109

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>Oops, this device isn't authorized for use with your Capital One account. To authorize it, call Capital One Online Banking Customer Service at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>
<DTSERVER>20130315050112.135[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<BANKMSGSRSV1>
<STMTTRNRS>
<TRNUID>20130315000109.000
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>Oops, this device isn't authorized for use with your Capital One account. To authorize it, call Capital One Online Banking Customer Service at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>

<CLTCOOKIE>1

</STMTTRNRS>
</BANKMSGSRSV1>
</OFX>
Completed
Comment 31 KnowUNIX 2013-03-15 14:12:55 UTC
Sorry I've not been active for some time; I've been using the CSV feature successfully. 

Here is the debug log when I set the AppVER value to 103:

url: https://onlinebanking.capitalone.com/ofx/process.ofx
request:
OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130315100114.000

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20130315100114.000
<USERID>[private]
<USERPASS>[private]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
<APPID>QWIN
<APPVER>2000
</SONRQ>
</SIGNONMSGSRQV1>
<SIGNUPMSGSRQV1>
<ACCTINFOTRNRQ>
<TRNUID>20130315100114.000
<CLTCOOKIE>1
<ACCTINFORQ>
<DTACCTUP>19691231
</ACCTINFORQ>
</ACCTINFOTRNRQ>
</SIGNUPMSGSRQV1>
</OFX>

response:
OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:20130315100114

<OFX>
<SIGNONMSGSRSV1><SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>Oops, this device isn't authorized for use with your Capital One account. To authorize it, call Capital One Online Banking Customer Service at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>
<DTSERVER>20130315140115.212[0:GMT]
<LANGUAGE>ENG
<FI>
<ORG>Hibernia
<FID>1001
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>20130315100114.000
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>Oops, this device isn't authorized for use with your Capital One account. To authorize it, call Capital One Online Banking Customer Service at 1-877-442-3764, option 4, M-F 8 AM - 10 PM ET, Sat-Sun 9 AM - 6 PM ET. Thanks.
</STATUS>

<CLTCOOKIE>1

</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>
Completed

I am authorized . . .
Comment 32 Jack 2013-03-15 17:19:43 UTC
As I read it, the account is authorized, the server says the device is not authorized, but this is the first device you are using for access.  I would wonder how they distinguish the five authorized devices, and if perhaps they are expecting some device specific item in the OFX request that they are not getting.
Comment 33 Thomas Baumgart 2013-03-16 12:49:43 UTC
Here's a link that might contain some more ideas on what can be done (not sure if that has already been tried by one of you): http://help.infinitekind.com/discussions/questions/8772

For those of you adventurous enough, here's the link to the latest spec http://www.ofx.net/DownloadPage/Files/OFX2.1.1.zip  In case you find something that might be related, we can certainly take a look. I have no idea how this device management is working at all and what needs to be done to support it by the application.

http://libofx.sourceforge.net/ does not show changes either wrt the problems covered by this bug.
Comment 34 Thomas Baumgart 2013-03-17 07:50:06 UTC
Looks like we're getting a bit closer to a solution of the problem as I now understand the problem. I found a discussion over at our friends at GnuCash: http://lists.gnucash.org/pipermail/gnucash-devel/2012-December/034626.html and a possible solution http://lists.gnucash.org/pipermail/gnucash-devel/2013-March/035110.html which refers to a blog post at http://pocketsense.blogspot.de/2013/01/jan-2013-version-of-scripts-available.html.

So it seems, we need a ClientUID field to transfer to the bank. Don't know if this is per KMyMoney instance, per account or what. Martin of aqBanking fame seems to have the same problem in understanding: http://lists.gnucash.org/pipermail/gnucash-devel/2012-December/034630.html .

Here's what the OFX spec says:

<OFXSPEC version="2.1.1" chapter="2.5.1.1.1">
OFX servers can require OFX clients to include a client ID in each signon request. This client ID should
be unique to the installation of the client software, but the method that the ID is generated is left up to the client. The server can specify that this field is required using the <CLIENTUIDREQ> tag in the applicable <SIGNONINFO> section of the profile. Servers should expect that users may connect via OFX from multiple locations and may need to associate more than one <CLIENTUID> value with their <USERID>.
The client may make this value user discoverable, so that the user can register the client ID with financial institutions.
</OFXSPEC>

The spec even has an example for it in chapter 2.5.6 entitled "Signon in OFX 2.1.1 which includes CLIENTUID and both additional credential tags" which contains the following section:

<APPID>MyApp</APPID>
<APPVER>1600</APPVER>
<CLIENTUID>22576921-8E39-4A82-9E3E-EDDB121ADDEE</CLIENTUID>
<USERCRED1>MyPin</USERCRED1><!--Profile has included
<USERCRED1LABEL>PIN:</USERCRED1LABEL>-->
<USERCRED2>MyID</USERCRED2><!--Profile has included
<USERCRED2LABEL>Your ID:</USERCRED2LABEL>-->

This somehow goes along with the error, that the device is not authorized.
Comment 35 utwes 2013-03-19 19:17:01 UTC
(In reply to comment #34)

Thomas - thank you so much for your help in tracking down additional resources.  I agree that the GNUCash posts seem to most closely resemble our challenge, and it makes sence that the bank would accept a GUID to determine "unique devices".

In regards to your comments below and based on the comments on the discussion boards, it seems that if we were able to add the CLIENTID tag to the OFX request, that might solve our issue.  However, I'm assuming that isn't something that I can do on my side (modifying .kmy file or otherwise).  In fact, it might be something that KMM developers will depend on AQBanking to do, but please let me know if there are next steps here.

Thanks.

[snip]
> So it seems, we need a ClientUID field to transfer to the bank. Don't know
> if this is per KMyMoney instance, per account or what. Martin of aqBanking
> fame seems to have the same problem in understanding:
> http://lists.gnucash.org/pipermail/gnucash-devel/2012-December/034630.html .
> 
> Here's what the OFX spec says:
> 
> <OFXSPEC version="2.1.1" chapter="2.5.1.1.1">
> OFX servers can require OFX clients to include a client ID in each signon
> request. This client ID should
> be unique to the installation of the client software, but the method that
> the ID is generated is left up to the client. The server can specify that
> this field is required using the <CLIENTUIDREQ> tag in the applicable
> <SIGNONINFO> section of the profile. Servers should expect that users may
> connect via OFX from multiple locations and may need to associate more than
> one <CLIENTUID> value with their <USERID>.
> The client may make this value user discoverable, so that the user can
> register the client ID with financial institutions.
> </OFXSPEC>
> 
> The spec even has an example for it in chapter 2.5.6 entitled "Signon in OFX
> 2.1.1 which includes CLIENTUID and both additional credential tags" which
> contains the following section:
> 
> <APPID>MyApp</APPID>
> <APPVER>1600</APPVER>
> <CLIENTUID>22576921-8E39-4A82-9E3E-EDDB121ADDEE</CLIENTUID>
> <USERCRED1>MyPin</USERCRED1><!--Profile has included
> <USERCRED1LABEL>PIN:</USERCRED1LABEL>-->
> <USERCRED2>MyID</USERCRED2><!--Profile has included
> <USERCRED2LABEL>Your ID:</USERCRED2LABEL>-->
> 
> This somehow goes along with the error, that the device is not authorized.
Comment 36 Cristian Oneț 2014-07-31 07:58:56 UTC
Any news on this, if I understood correctly this should be fixed by upstream (AqBanking)?
Comment 37 Jack 2014-07-31 13:11:25 UTC
If it is AqBanking, would it also need to be addressed in libOFX for those of us who use OFX but not through AqBanking, or is that essentially the same upstream?
Comment 38 Cristian Oneț 2014-07-31 13:13:27 UTC
(In reply to Jack from comment #37)
> If it is AqBanking, would it also need to be addressed in libOFX for those
> of us who use OFX but not through AqBanking, or is that essentially the same
> upstream?

Yes, it should if it's not already done in libOFX.
Comment 39 Thomas Baumgart 2014-08-01 07:01:25 UTC
The application version issue has been fixed with this commit: 6e951911d5ceb0fbc7427367e3ec92f3b21be2cc on master

https://projects.kde.org/projects/extragear/office/kmymoney/repository/revisions/6e951911d5ceb0fbc7427367e3ec92f3b21be2cc

With AqBanking it is a complete upstream problem, so I am tempted to close this entry here as resolved.