How to fix the "Cannot create ... file" error during TWS installation on MacOS

Background: 

The filesystem permissions are controlled by your machines operating system. One of their functions is to secure your files, preventing unauthorized access or undesired modifications to the system and to your personal data.   

Some software on your computer may modify or override the permissions assigned by the operating system. Under certain circumstances, this prevents the TWS installer from accessing the folder where the application core files have to be created (/users/youruser/home/Applications). In such cases, the TWS installation usually displays the error "Cannot create ... file. Shall I try again?"

In this article we explain how to reset the filesystem permission of the "Applications" folder located under your user home folder in order to allow a smooth run of the TWS installation.
 

Procedure:

 
1. On your keyboard, press ⌘CMD + ⇧Shift +H to open your home folder
 Figure 1
 
2. Select the folder "Applications" within your home folder and press ⌘CMD + I to open the Info panel
 Figure 2
 
2. At the bottom right of the panel, click on the padlock
 Figure 3
 
3. To unlock the permissions panel, enter your MacOS credentials and click OK
 Figure 4
 
4. In the line correspondent to "everyone", click on "No Access" (Figure 5) and then select "Read & Write" (Figure 6)
 Figure 5                                                                            Figure 6
 
 
5. Click on the icon bellow the permissions panel and select “Apply to enclosed items..."
 Figure 7
 
6. Now run the TWS installer and click on Next> until you complete the installation
 Figure 8

7. Once the installation has completed successfully, repeat the previous steps from 1. to 5. setting back the permissions of “everyone” to “Read Only” to revert your changes to the initial status

 

 

IBKR Host and Ports Documentation

Background: 

TWS connects to IBKR servers via port 4000 and 4001, if using SSL, and will not operate on any other port. If you are using a proxy server, it needs to be a transparent with both inbound and outbound ports open so that the TWS can function properly.

Below are listed all the gateways, along with the corresponding destination host that might be used by the TWS when you use our services, please allow access to those hosts.

The easiest way to test whether your connection needs any special setup or has been configured properly is to use IBKR's Dedicated Test page, which will provide a dynamic test of your network’s connection against our main trading and market data servers. If a “Success” response is returned, there is nothing more for you to do. If the response is “Failure”, we recommend adding an exception for the new hosts to your network’s configuration or review your changes.

Note: If your network uses a browser proxy, the test page can produce false positives. In this case, or if you are not sure what your network setup is, turn to your network administrators, who can perform ping and telnet tests to the hosts listed below to confirm compliance with the connectivity requirements.

Specs:

CLIENT PORTAL AND WEBSITE

REGION/PRODUCT

SERVER (HOST)

PORTS1

IBKR WEBSITE – AMERICA

www.interactivebrokers.com

443

IBKR WEBSITE – Canada

www.interactivebrokers.ca

443

IBKR WEBSITE – UK

www.interactivebrokers.co.uk

443

IBKR WEBSITE – INDIA2

www.interactivebrokers.co.in

443

IBKR WEBSITE – JAPAN2

www.interactivebrokers.co.jp

443

IBKR WEBSITE – HONG KONG2

www.interactivebrokers.com.hk 443

IBKR WEBSITE – CHINA2

www.ibkr.com.cn 443

IBKR WEBSITE - AUSTRALIA

www.interactivebrokers.com.au 443

ACCOUNT MGMT – EAST

gdcdyn.interactivebrokers.com

443

ACCOUNT MGMT – CENTRAL

cdcdyn.interactivebrokers.com

443

DISASTER RECOVERY SITE

www.ibgdr.com 80

1: Standard Communication: TCP Port 80 | SSL Communication: TCP Port 443.

2: This IB Server host does not support ping request.

Important Note: If you are accessing Client Portal from a corporate network where the Internet access is provided through a load balancing equipment, you may receive error messages about expired/invalid session and/or missing web content upon or after the login phase.  The load balancer cycles your outbound connections over two or more network interfaces to equalize the network workload. As a consequence of this mechanism, your HTTP requests reach our systems from different IP addresses, invalidating your Client Portal session.
In this scenario, as a solution, please ask your network administrator or IT group to configure your machine/device for bypassing the load balancer. This will allow your session to remain valid and alive.
 

 

DESKTOP TWS

REGION/TOOL

PRIMARY/BACKUP

SERVER (HOST)

PORTS


TWS AMERICA – EAST

PRIMARY

ndc1.ibllc.com


4000 / 4001

BACKUP

ndc1_hb1.ibllc.com


TWS AMERICA – CENTRAL

PRIMARY

cdc1.ibllc.com


4000 / 4001

BACKUP

cdc1_hb1.ibllc.com


TWS EUROPE

PRIMARY

zdc1.ibllc.com


4000 / 4001

BACKUP

zdc1_hb1.ibllc.com

TWS ASIA

PRIMARY

hdc1.ibllc.com

4000 / 4001

BACKUP

hdc1_hb1.ibllc.com

TWS ASIA - CHINA3

PRIMARY

mcgw1.ibllc.com.cn

4000 / 4001

BACKUP

mcgw1_hb1.ibllc.com.cn
TWS AUTO-UPDATE PRIMARY

download.interactivebrokers.com

443

download2.interactivebrokers.com

RISK NAVIGATOR

PRIMARY

risk.interactivebrokers.com

443

TWS CLOUD SETTINGS

PRIMARY

s3.amazonaws.com

443

IB CAM

PRIMARY

gdc1.ibllc.com

4000 / 4001

DIAGNOSTICS REPORTS

PRIMARY

https://wit1.interactivebrokers.com

443

3: Gateway dedicated to clients with accounts assigned to the Hong Kong server, but are physically connecting from Mainland China.

 

 

 

Operating your Digital Security Card+

The Digital Security Card (DSC) is a battery operated security device which generates a series of random codes to be entered along with your user name and password upon each log in attempt.  As physical possession of the DSC is required to obtain the codes and log in, the device effectively prevents hackers who may have compromised your computer or information from accessing your account.  Instructions for operating the DSC are outlined below. 

 

 

Step 1 -  When logging into your account, enter your user name and password as usual. If successful, a 6-digit Challenge Code will appear. 

Step 2 - Turn on your device by pressing the “press” button until the 'PIN>' display appears, enter the 4-digit PIN code you specified at the time you requested the device and press the “OK” button. 

Step 3 - Enter the 6-digit Challenge Code from the login screen (step A) into the device when the 'CHALLNG>' display appears, press the “OK” button and a response code will appear. 

Step 4 - Enter the 8 digits of the response code (Step C) into the login Screen. Select the Login button to proceed. 

Note that the buttons on your security cards are not touch sensitive and must to be pressed to operate.

  

Related Articles

KB1042 - Video instructions for logging in with the Secure Code Card

KB1942 - Reactivating the permanent Secure Login Device

KB1943 - Requesting a replacement Secure Login Device

KB1131  - Overview of the Secure Login System

 

How to fix the error: "Library dbcapi.dll cannot be loaded"

Background: 
 
TWS users may receive the following error message upon configuring TWS to use the eSignal data feed:
 
 
This error may appear for the following reasons:
 
Issue A - You are not using the 32 bit version of TWS and/or eSignal:
The 32-bit versions of both TWS and eSignal have to be installed for the integration to work. In the section below you will find the instructions for installing the 32-bit TWS. Should you need assistance with the installation of the 32-bit eSignal, we suggest you to contact the eSignal customer support.
 
Issue B - There is an incompatibility with the file C:\Jts\dbcapi.dll:
To use 32-bit eSignal version 12, an incompatibility with the C:\Jts\dbcapi.dll file must be fixed. This involves copying a file from the eSignal installation and renaming it to dbcapi.dll. 
 
Note: On certain systems you will need to apply the fixes for both issue A and B. If you applied the fix for issue A (or if you are already sure you are using the 32 bit version of both platforms) and you are still receiving the error message, then please apply as well the fix for issue B.
 
 
 
Instructions to resolve issue A
Installing 32-bit TWS
 
Please open the page http://www.ibkr.com in your browser and perform the steps below:

1) Click on the LOG IN button at the top right corner of the page.

2) Under the section TRADER WORKSTATION, click on TWS Latest.

3) On the next page, click on the link Download for Other Operating Systems.
 

4) Click on the item Windows 32-bit.

5) Make sure that the description under the DOWNLOAD button has changed to "Windows: 32 bit". Click now on DOWNLOAD.

6) Launch the downloaded file. The Trader Workstation installation will start. At this point you may see the warning message "Trader Workstation latest is already installed...". Ignore this warning and click on the button Next > to continue the installation.

 

7) Your "Trader Workstation" Desktop icon will be automatically updated. You can now launch the 32-bit Trader Workstation by a double click on that icon.

If you have launched the 32-bit TWS and the 32 bit version of eSignal but you still receive the same error message, please follow as well the instructions below

 
 
Instructions to resolve issue B
Replacing dbcapi.dll for compatibility between 32-bit TWS and 32-bit eSignal 12

To correct an incompatibility with the dbcapi.dll file, we will replace that file with another version of it taken from the eSignal installation folder. Please follow the steps below to perform the substitution:  

1) Navigate to C:\Jts and rename the file dbcapi.dll to dbcapi_old.dll

2) Navigate to the directory where 32-bit eSignal 12 is installed (most commonly C:\Program Files (x86)\Common Files\Interactive Data\DM)

3) Copy dbcapi_vc8.dll from that directory into the C:\Jts directory.

4) Move to the C:\Jts directory

5) Right click on the dbcapi_vc8.dll file (now in the C:\Jts directory) and select rename. Type dbcapi.dll as the new filename.

6) TWS is now ready to accept the eSignal data feed.

 

How to install the TWS API Components on Mac / Unix

NOTE: If you have already agreed to the API License Agreement please start at Step 3 below.

Instructions

  1. Click directly on the button below to access the API software download page. 
  2. This will direct you to Interactive Brokers API License Agreement, please review it.
  3. Once you have clicked "I Agree", refer to the Mac / Unix section to download the API Software for your o.s.
    API Software Download List
  1. This will download twsapi_macunix.n.m.zip to your computer.
    (where n and m are the major and minor version numbers respectively)
  2. Open Terminal (Ctrl+Alt+T on most distributions)
    (On Mac press Command+Space to launch Spotlight, then type terminal and press Return)
  3. Navigate to the directory where the installer has been downloaded (normally it should be the Download folder within your home folder) and confirm the file is present.

     $  cd ~/Downloads
     $  ls

  1. Unzip the contents the installer into your home folder with the following command (if prompted, enter your password):
    $  sudo unzip twsapi_macunix.n.m.zip -d $HOME/
    Installation directions Step 3 and Step 4
  2. To access the sample and source files, navigate to the IBJts directory and confirm the subfolders samples and source are present.
    $  cd ~/IBJts
    $  ls
    Installation directions Step 5
 

 

Legacy Instructions - API Version ≤ 9.71

Note: IB only offers API Version 9.72+. In the event you already have an existing legacy version and need to install it, please refer to the directions below:

  1. locate the file twsapi_macunix.n.m.jar on your computer.
    (where n and m are the major and minor version numbers respectively.)
  2. Open Terminal (Ctrl+Alt+T on most distributions)
    (On Mac press Command+Space to launch Spotlight, then type terminal and press Return)
  3. Navigate to the directory where the .jar file has been located (normally it should be the Download folder within your home folder) and confirm it is present.
    cd ~/Downloads
    $  ls
  4. Extract the contents of the .jar file into your home folder.
    $  jar xf twsapi_macunix.n.m.jar -d $ HOME/
  5. To access the sample and source files, navigate to the IBJts directory and confirm the subfolders samples and source are present.
    $  cd ~/IBJts
    $  ls
 
 

Additional Information 

You can as well refer to KB2222 for video instructions on installing the Legacy API Components on a Mac.

 

How to share a security device

Overview: 

IBKR allows individuals to maintain multiple user names within a single account or across distinct accounts under their control.  Individuals who do not wish to maintain multiple physical security devices may elect to consolidate and share a single device across their users. The prerequisites and the procedure for sharing devices are outlined below.

Note: Clients using the IBKR Mobile Authentication (IB Key) should not use the present device sharing procedure, since the IB Key allows multiple users to be enabled directly from the IBKR Mobile app itself (menu item: Authenticate -> Add user). 
 
Background: 

Prerequisites

The possibility of sharing a physical security device will be granted only if ALL the conditions below are respected:

a) The participant users belong either to the same entity or to different entities but with the same identification data (Date of Birth, Citizenship, Country of Legal Residence, Identification Document type and number or Social Security Number for US Citizens and residents). 

b) The participant users do NOT have a temporary security device (Temporary Code, Online Security Code Card) currently assigned to them.

c) The physical device offering the highest level of protection has to be shared. In case all the devices offer the same level of protection, whichever of them can be eligible. You can check the security level of your device in the table below:

Security level

Device name

Device image

Highest Digital Security Card+ (DSC+)
Lowest Security Code Card (SLS card)
 
 

Procedure:

1. Among the possible candidates, identify the device offering the highest level of protection and the user that device belongs to. We will call that user the device owner

2. Log in to your Client Portal page with the requesting user (NOT the device owner)

3. Click on Menu icon in the top-left then select Settings and then User Settings
 
 4. Click on the wheel (Settings) close to Secure Login System
 
5a. In case your user does not have any active device, the system will display the SLS enrollment menu. Select the item "I already have access to a Secure Login Device under a different username" and click on Continue
 
5b. In any other case, the system will display the device list. Click on Share Device to proceed further
 
6. Enter the credentials of the device owner you identified at point 1. and click on Continue.

 
7. According to the SLS Device about to be shared, the system will display a security element (either Challenge Code or Index Numbers). Operate the SLS Device and, using the security element provided by the system, generate a response code. Enter the response code in the correspondent field and click on Continue.
 
8. Once you have reviewed the correctness of the information entered, click on Continue.

 
9. The system will display the status of your request (see note a. for details). Click OK to finalize the procedure.

 

NOTES:

a. In the vast majority of cases your sharing request will be automatically and immediately approved, processed and enforced. In case the approval of our Compliance department is needed, your request will stay in a pending status until this step has been cleared.

b. Once the device sharing request has been processed, you could keep the redundant device/s in a safe place. In the future you might decide to cancel the device sharing and reactivate those devices instead. If you do not feel the need to store them, you can send them (only DSC+) back to us following the instructions contained on this page:
 

c. Here below you can see the most common error messages and their causes:

- Less secure device: This error is returned if you set up the less secure token as the one to be shared. Please identify the most secure device and share that one.

- Different identification information:
This error is returned if the identification data of the entities/individuals involved in the sharing does not match. If the users belong to different entities/individuals, please notice that the token sharing will NOT be possible by design.
If the users belong in fact to the same entity/individual, the mismatch could be due, for example, to an outdated identification document on record. In this case, you can contact our Client services to have the data rectified.

 

 References:
  • Overview of the Secure Login System: KB1131 or ibkr.com/sls 
  • Multiple Two-Factor Authentication System (M2FS): KB2895
  • How to share the Security Login Device between two or more users: KB2481
  • How to opt back into the Secure Login System: KB2545
  • Security considerations following SLS partial opt-out: KB1198
  • Are there any charges or expenses associated with the security devices? KB1861
  • How to troubleshoot Account Management Login Failures: KB1132
  • How to troubleshoot Trading Platform Login Failures: KB1133

 

How to restore TWS settings from external storage

Overview: 

This article outlines the procedure for restoring TWS settings from an external location, example external hard drive, USB or other file location.

To restore TWS settings from an external source:

1. Log into TWS

2. Click on File and select Settings Recovery

Menu: File -> Settings Recovery                                     

3. Select Custom and click on Ok

Settings Recovery options                                                                                                                    

4. In the Look in field click on the drop down menu and select the directory where the TWS settings file is stored, example; If the file was located on the Desktop you would scroll to Desktop as shown below                                     Choose settings file location                                                              

5. Once you are in the directory containing the settings file,  select the settings file, example tws.xml and click on Open.

Enter settings filename

6.  In the Open settings confirmation window select Open without reporting problem

settings confirmation

 

See KB3146 for instructions on overcoming the "Downloading settings from server failed" error

See KB2320 for instructions on transferring settings from one user to another

See KB2282 for instructions on how to transfer settings from one computer to another

 

 

 

 

How to transfer TWS settings from one computer to another

Overview: 

 This article applies to:

  • Platform(s): Windows, Mac, Linux
  • TWS Build(s): Build 936 and Above

 

Background: 

Store settings on server allows clients the ability to store their Trader Workstation (TWS) settings/configuration on Interactive Brokers (IB) servers and retrieve them at anytime from another computer. This feature allows you to transfer settings from the same user on two different machines, but not between different accounts/users.

 
'Store' Settings on Server:

To transfer settings from one computer to another for the same username you will need to enable the option Use/store settings on server:

1. On the computer which currently has your settings, log in with the Use/store settings on server option unchecked on the login window

 TWS Login Screen

 2. Once you are logged in, enable this function:

  • If you are using the Classic layout, navigate to Edit >> Global Configuration >> Lock and Exit and check the box Use store settings on server
  • If you are using the Mosaic layout navigate to File >> Global Configuration >> Lock and Exit and check the box Use store settings on server

 Global Configurations Window

3.  Select Apply and OK.

4. Click on File -> Save Settings.

5. To Exit the application navigate to File and Exit.

IMPORTANT NOTE: The above operation will only save one copy of the TWS settings on the server. The serve does not store any backup copies.

 

'Use' Settings on Server:

On any computer (on which you want to use the same settings as above): Login with the Use/store settings on server option checked on the login window. This will download the settings, which you previously saved on our server.

 TWS Login Screen

 

 

See KB2323 for instructions on how to restore TWS settings from external storage

See KB2320 for instructions on transferring settings from one user to another

 

 

Account Management using Safari browser

Most recent versions of web browsers contain a feature which prompts users to save their user name and password when logging into various sites on the Internet.  While convenient in practice, this feature introduces a significant security risk in that it allows anyone with access to the computer to log into those sites where the password has been saved.  As a result, many sites that deal with highly sensitive information, including IB's Account Management, have controls which do not allow this feature to be utilized. While most browsers such as Mozilla Firefox, Internet Explorer and Google Chrome allow for such controls, others such as Apple's Safari do not.   As a result, Safari users who attempt to use the password save feature may experience log in failures on future log in attempts.

Should this occur, you will need to remove the saved login credentials through the following steps:

 
1) When Safari is in the foreground click on the menu Safari --> Preferences
2) Click on the icon AutoFill on the toolbar
3) Click on the button “Edit..." close to User names and password


4) Locate the line related to the Account Management web site and select it
5) Click on the button “Remove
6) Close and reopen Safari and you should be now able to log in . Upon log in you will be prompted whether to save user/pass again for the website. Please answer “Never for this website” or "Not now".

 

Syndicate content