Generate RSA Key Pair on Windows

Those instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements in that way, you would first need to generate an RSA Key pair. Here is how to do that:

1. Download WinSCP and PuTTYgen.

2. Run the installer and make sure to check PuTTYgen (key generator) as one of the components to install.

3. Start WinSCP and PuTTYgen.

4. On Puttygen, click Generate.  Enter your sFTP username in the Key Comment field, select RSA as Type of key to generate, 2048 as Number of bits in generated key and click on the button Generate.

5. Click on "Save private key" and give the file a name (like private). Leave the extension as .ppk  ('ale.ppk', in the picture below is an example filename):

6. Open WinSCP, create a new connection and:
  • Select SFTP as File protocol.
  • Enter xfer.interactivebrokers.com in the Host name field.
  • Enter 32 in the Port number field.
 
7. Click on the button Advanced.

8. In the Advanced Site Settings screen, left side menu, expand SSH and select Authentication. Click on the button ... at the end of the field Private Key file and open the private key you previously saved at point 5):

9. Click on the button Display public key:
 
10. Click on the button Copy Key.

11. Open Notepad, press CTRL+V to paste the key string (which is one string of characters without spaces) and then save the file with the name public.key in a folder of your preference:


12. Send the file you saved at the previous step as an email attachment to Sales Engineering team.
In the same email, please indicate as well all IP Addresses from which you will access our SFTP Server so we can whitelist them. Please include as well your Account number in the email Subject.
 
13. In the WinSCP Window, click on "OK" in the information pop-up showing the key, then "OK" in the Advanced Site Settings screen, then click on Save to save the new connection you have created.
 
14. Once the IB Sales Engineering Team has configured the parameters for your connection on our servers, you will be able to access your SFTP repository by using the connection you have created.
 
Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Transferring your Key Pair From One Computer To Another

Background: 

If you need to decrypt files that were encrypted with your private Key on an additional computer, you need to copy both your private and public keys (the entire Key pair) to that computer.

Note: this tutorial assumes you have already set up a Key pair. If you need guidance to set up the Key pair please refer to this article, which is a prerequisite to the instructions below.

 

How to transfer your Key pair:

Please select one of the below links, according to your Operating System

 

Windows

1. On the machine where the encryption keys are stored, connect a USB drive to a free USB port.

2. Launch the GPA Key Manager application and select the encryption key you want to transfer. Please make sure that you see the text 'The key has both a private and a public part', in the details panel on the bottom of the window, as highlighted in the screenshot below.

3. Select the menu Keys and then click on Backup. Do NOT use Export, as this will only export the public part while you need both the public and the private key.

4. Save the key with a filename (e.g. secret-key-KEYID.asc) on the USB drive.

5. Eject the USB drive and connect it to a free USB port on the other computer (the one you want to transfer the key to). All the next steps have to be executed on that machine.

6. Make sure the the GPA software is installed, otherwise please install it.

7. Launch the GPA Key Manager application and click on the top menu Keys and then on Import Keys.

8. Click on the letter correspondent to the USB drive and select the file you have previously saved (e.g. secret-key-KEYID.asc). Then click Open.

9. The confirmation message should display "...1 public keys imported... 1 secret keys imported..."

10. Once the key has been successfully imported, delete the key file from the USB drive and empty the Trash.

 

macOS

1. On the machine where the encryption keys are stored, connect a USB drive to a free USB port.

2. Launch the GPG Keychain application and select the encryption key you want to transfer. Please make sure that you see the text Type: Secrete and public key, in the Type column.

3. With the desired encryption key highlighted, click Export. Please make sure to check the box for the option Include secret key in exported file, as illustrated in the above screenshot. Save the key pair to the USB drive.

4. Eject the USB drive and connect it to a free USB port on the other computer (the one you want to transfer the key to). All the next steps have to be executed on that machine.

5. Make sure the GPG Tools suite is installed, otherwise please install it.

6. Launch the GPG Keychain application and click the icon Import on the top toolbar.

7. Click the USB Drive and select the previously saved .ASC file that contains the Public and Private key. Then click Open.

8. The confirmation should read Import successful.

9. Once the key has been successfully imported, delete the key file from the USB drive and empty the Trash.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
 
 

Decrypting Reports using your PGP Key pair on macOS

Note: this tutorial assumes you have received Reports via email that were encrypted with the public key you sent us. If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.

1. Open Finder

2. Right click on the .gpg file you want to decrypt

3. Select Services > OpenPGP: Decrypt File

 

Common Issues/Questions

  • Decryption failed with error 'No Secret Key'

This is commonly caused when the wrong encryption key is used to decrypt the file.  If decryption is being done on a computer other than the original computer used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer

If the above does not help, then a new public/private key pair needs to be created and sent to us.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4407 - Generate RSA Key Pair on Windows
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Decrypt your Reports using GPG for Windows

Note: this tutorial assumes you have received Reports via email which were encrypted with the public key you sent us. If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.

How to Decrypt Encrypted Email Data using GPA:

1.  Start the GPA program (included in Gpa4win suite)

 
2.  Select Your Key
 
3.  Click on the Files icon in the menu
 
4.  Click the Open menu icon
 
5.  Navigate to the encrypted Report and select it. Click the Open button in the bottom right as seen in the image below
 
6.  Your file should now be listed in the file manager as seen below
 
7.  Click the decrypt button and the decrypted file should appear below in blue.
 
 

Common Issues/Questions

  • Decryption failed with error 'No Secret Key'

This is commonly caused when the wrong encryption key is used to decrypt the file.  If decryption is being done on a computer other than the original computer that was used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer

If the above does not help, then a new public/private key pair needs to be created and sent to us.

 

References

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

How to generate a ".har" file

Background: 

When troubleshooting a non-trivial website issue, it is sometimes necessary for our Client Services team to obtain additional information about your browser communication. You may be asked record and provide a .har file. This file contains additional information about the network requests that are sent and received by your browser. Your browser can generate such file by recording content, timeline and status of HTTP/HTTPS requests and responses while the issue occurs.

In this article we explain how to generate a .har file. Please click on the browser that you use in the list below:

 

To generate the HAR file for Google Chrome:

1. Open Google Chrome and go to the page where the issue is occurring.

2. Press CRTL +SHIFT + I on your keyboard. Alternatively, click on the Chrome menu icon (three vertical dots at the top-right of your browser window) and select More Tools > Developer Tools

3. The Developers Tools opens as a docked panel at the side or bottom of Chrome. Select the tab Network (Figure 1.)

Figure 1.

4. Look for a round Record button in the upper left corner of the Developer Tools toolbar and make sure it is red. If it is grey, click it once to start recording or just press CTRL+E (Figure 2.)

Figure 2.

5. Activate the checkbox Preserve log (Figure 3.)

Figure 3.

6. Click the Clear button to clear out any existing logs. The Clear button has a stop icon and is located on the right of the Record button (Figure 4.)

Figure 4.

7. Reproduce the issue you are experiencing while the network requests are being recorded.

8. Once you have reproduced the issue, right-click anywhere on the list of recorded network requests, select Save all as HAR with Content, and save the file to a location of your preference on your computer (e.g. on your Desktop).

9. From the IBKR Client Portal, go to the Message Center and create a new Web Ticket (or use an existing one when applicable)

10. Within the Web Ticket, attach the .har file previously generated.  In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body.

11. Submit the Web Ticket

 

To generate the HAR file for Firefox:

1. Open Firefox and go to the page where the issue is occurring

2. Press F12 on your keyboard. Alternatively click the Firefox menu icon (three horizontal parallel lines at the top-right of your browser window), then select Web Developer > Network

3. The Developers Network Tools opens as a docked panel at the side or bottom of Firefox. Select the tab Network (Figure 5.)

Figure 5.

4. Activate the checkbox Persists logs (Figure 6.)

Figure 6.

5. Reproduce the issue you are experiencing. The recording of the network request starts automatically.

6. Once you have reproduced the issue, right-click anywhere on the list of recorded requests and select Save All As HAR

7. Save the file to a location of your preference on your computer (e.g. on your Desktop)

8. From the IBKR Client Portal, go to the Message Center and create a Web Ticket (or use an existing one when applicable)

9. Within the Web Ticket, attach the .har file previously generated.  In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body

10. Submit the Web Ticket

 

To generate the HAR file for Microsoft Edge:

1. Open Edge and go to the page where the issue is occurring.

2. Press F12 on your keyboard. Alternatively click the Edge menu icon (three horizontal dots at the top-right of your browser window), then select More Tools > Developers Tools

3. Click the Network tab (Figure 10.)

Figure 10.

4. Reproduce the issue that you were experiencing before, while the network requests are being recorded.

5. Once done click the floppy disk icon (Export as HAR) or press CTRL+S (Figure 11.)

Figure 11.

6. Provide a filename and a location of your preference on your computer (e.g. on the Desktop). Then click the Save button

7. From the IBKR Client Portal, go to the "Message Center" and create a Web Ticket (or use an existing one when applicable)

8. Within the Web Ticket, attach the .har file previously generated.  In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body.

9. Submit the Web Ticket

 

To generate the HAR file for Safari:

Note: Before generating the HAR file, make sure you can see the Develop menu in Safari. If you do not see this menu, click on the menu Safari, choose Preferences, go to the tab Advanced and activate the checkbox next to Show Develop menu in menu bar

1. Open the Develop menu and select Show Web Inspector or press CMD+ALT+I

2. Click the Network tab (Figure 12.)

Figure 12.

3. Activate the checkbox Preserve log (Figure 13.)

Figure 13.

4. Click on the icon Export (or press CMD+S), provide a filename and a location of your preference on your computer (e.g. on the Desktop) and save the .har file

5. From the IBKR Client Portal, go to the "Message Center" and create a Web Ticket (or use an existing one when applicable)

6. Within the Web Ticket, attach the web archive file previously generated.  In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body.

7. Submit the Web Ticket

 

How to use Voice callback for receiving login authentication codes

Background: 

 If you have SMS enabled as two-factor authentication method, you may use Voice callback to receive your login authentication codes. This article will provide you steps on how to select voice callback when logging in to our platforms.

 

How to use Voice callback
 
You may select Voice if you do not receive your login authentication code. You will then receive your login authentication code via an automated callback. Follow the instructions below, depending on which platform you are trying to login to.
 

 

Client Portal

1. Click on "Didn't receive a security code?"

2. From the two options, select "Voice" and wait for the callback.

3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

 

TWS

1. Click on "Request new Security Code"

2. From the two options, select "Voice" and click on OK. Then wait for the callback.

 3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

Note: Voice callback for the TWS is only available in the LATEST and BETA version.

 

IBKR Mobile - iOS

1. Click on "Request New Code"

2. From the two options, select "Voice" and wait for the callback.

 3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

 

IBKR Mobile - Android

1. Click on "Request New Security Code"

2. From the two options, select "Voice" and wait for the callback.

 3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.

 

References:

 

IBKR Mobile Authentication (IB Key) Use Without Notifications

In case your smartphone is unable to receive IBKR Mobile notifications, you can still complete the login process using the IBKR Mobile Authentication (IB Key) Challenge/Response method, described on the following pages (according to your device operating system):

The same information applies to you if your phone has no Internet connectivity (you are in roaming, out of coverage, without an active mobile data plan, etc.)

If your smartphone is unable to receive IBKR Mobile notifications despite having Internet connectivity, we recommend you to perform the steps outlined in the IBKR Knowledge Base.

 

TWS / IB Gateway and their interaction with Proxy servers

Table of contents

 

Configuration instructions
  1. Can the TWS / IB Gateway operate through a Proxy server and how?
  2. If I use a SOCKS Proxy server, do I need to configure the TWS / IB Gateway?
  3. If I use a SOCKS Proxy server, do I need to configure the client machines where TWS / IB Gateway runs?
  4. If I use a Web (HTTP) Proxy server, do I need to configure the TWS / IB Gateway?
  5. What alternatives do I have in case I cannot implement a proxy solution on my network?
Common issues
  1. Your computer is set up to use a Proxy but there is no actual Proxy running on the network
Technical Background
  1. What is a Proxy server?
  2. Which types of Proxy servers are commonly used and where?

 

Configuration instructions

1. Can the TWS / IB Gateway operate through a Proxy?

Upon start-up and as well during the run-time The TWS / IB Gateway needs to establish and maintain direct network connections to our gateways and market data servers1. Such connections are created from random local TCP ports (above 1024) and are directed to TCP ports 4000 (or TCP 4001 if you tick the "Use SSL checkbox" within the TWS login screen).  Since those are not HTTP connections, they cannot be serviced by a Web (HTTP) Proxy. They can only be serviced by a SOCKS Proxy.

From within the TWS interface, you can access several external services, such as IBKR Client Portal, Statements, Contract details, Bond Search... Those services, being Web based, can be accessed through a Web (HTTP) Proxy (see section 6 for details and configuration) or through a SOCKS Proxy (see sections 4. and 5. for details and configuration). 

 

2. If I use a SOCKS Proxy server, do I need to configure the TWS / IB Gateway?

The TWS / IB Gateway does not contemplate an option for SOCKS proxy forwarding and hence does not have a place where an explicit SOCKS Proxy host/port can be configured. This does not mean that the TWS / IB Gateway cannot work with a Proxy. It simply means that the TWS / IB Gateway is unaware of the underlying SOCKS proxy set up (proxy-agnostic).

Important Note: While it is impossible for us to determine whether a Proxy is enabled on your network, we assure you that all IBKR platforms, including the TWS, do not impact nor influence your network configuration.

 

3. If I use a SOCKS Proxy server, do I need to configure the client machines where TWS / IB Gateway runs?

The connections started by the TWS / IB Gateway can be redirected to a SOCKS (Application) Proxy through a specific client machine setup. We mention some of them below. Please note, that the final decision is yours and none of the below suggestions can be recommended by us as best adapted to your setup and requirements.

3a. Using a Proxy Client software installed on the client machine where TWS / IB Gateway is running

With this setup the Proxy client will intercept the connections (not only HTTP but for other ports as well) initiated by the TWS / IB Gateway and redirect them to a SOCKS proxy server. . The typical benefits of a transparent proxy include a standard enterprise
configuration where all clients routed to the internet will always be filtered and protected no matter what the end users do, or change, on their machines and the added benefit of reduction in typical user’s client-proxy configuration troubleshooting.

3b. Using a so-called Proxifier

This configuration is very similar to the one at point 5a with the only difference that the Proxifier software can be set to redirect to a Proxy all the request started by a specific process (e.g. C:\Jts\tws.exe ; C:\JTS\ibgateway\XYZ\ibgateway.exe), hence instating a process level packet
forwarding instead of a port level forwarding. This set up allows handling environments where different proxy servers are used for different applications or where you would like to address a specific application requirement without modifying/disrupting the connectivity schema for other software installed. The advantage of this solution is a minimal maintenance since the connectivity schema is bound to the process and not to the hosts/ports.

3c. Using specific network routing on client machine

With this setup you can modify the client machine standard network routes, adding new ones in order to forward packets with specific destinations (e.g. Order routing and Market Data servers1) to a different gateway.
This gateway will then be in charge of routing those request to the destination hosts. This solution has as well the benefit of not modifying/disrupting the connectivity schema for other software installed but usually require more maintenance on the gateway and on the client machined in case the IP of the destination servers are changed or in case new servers are added.

 

4. If I use a Web (HTTP) Proxy server, do I need to configure the TWS / IB Gateway?

If the Workstations on your local network access the Web content through a Web (HTTP) Proxy, you need to specify the Web Proxy IP Address and port. To do this, click on More Options at the bottom of the TWS Login Screen, and enter your Proxy server details in the fields Host and Port (see Figure 1 below). The same fields are present in the IB Gateway Login Screen.

Figure 1.

The Web Proxy you set there will ONLY be used to fetch the web content accessible from within the TWS (e.g. Client Portal, Statements, Product Details, etc.)

 

5. What alternatives do I have in case I cannot implement a proxy solution on my network?
In this case you might orient yourself towards a different type of access to the IBKR infrastructure, which includes a special connection type and a FIX/CTCI engine setup. This setup would, on the other hand, have different requirements as well in terms of commissions2.  

 

Common Issues

6. What happens if the proxy configuration on your computer is wrong or outdated?

Occasionally, a third-party software, even if already uninstalled, may left behind a SOCKS proxy configuration on your computer. This may also happen if your computer has been infected with malware. In such cases, the proxy server, although configured, is actually non-existent or not accessible on the network. In such scenarios, the TWS will show an error message (e.g. No Internet Connectivity) and/or start the "Connection attempt #" loop upon login. The same will happen if the Proxy server exists but it has not been correctly configured on the client machines.

6a. How can I correct the proxy configuration if wrong?

When applicable, we recommend you to always consult the IT / Networking team of your company first and ask for guidance.

If you are autonomously managing your network, please follow the instructions below according to the Operating System of your machine/s:

Windows

W.1 Press CTRL+S to open the Windows search

W.2 Type Proxy Settings and press Enter

W.3 If no Proxy is present on your network, make sure the switch "Use a proxy server" is deactivated (see Figure 2 below). If a Proxy server is active on your network, make sure the Address (or hostname) and Port are correctly defined.

Figure 2.

 

Mac

M.1 Click on the Apple icon at the top left corner of the screen and select System Preferences

M.2 Click on Network

M.3 Select the Network connection you are using to access the Internet (e.g. Wi-Fi) and click on it

M.4 Click on the Advanced button and then on the Proxies tab

5. If no Proxy is present on your network, make sure all the checkboxes (SOCKS Proxy, Web Proxy, Secure Web Proxy) are deactivated (see Figure 3 below). If a Proxy is present on your network, make sure the Protocol, Address (or hostname) and Port are correct.

Figure 3.

 

7. You are using Public proxies and proxy chains to hide your presence or identity

There are public proxy and proxy chains services purposed to disguise or hide the identity and the activity of the subscriber or to bypass regional restrictions. One of the most famous of such services is the "Tor" network.

While those services may not necessarily be used for criminal purposes, they render the subscriber traceability very difficult when not impossible. Since IBKR is obliged by the financial industry regulators to maintain records of trading activities and trade initiators, we do not allow our clients to reach our systems while using an anonymizing service. If you are using such service, your TWS connection attempts will be automatically rejected by our gateways.

 

Technical Background

8. What is a Proxy Server?

A Proxy Server usually acts as a gateway and as a barrier between your local network and the Internet. The Proxy listens for outgoing connection requests from the internal workstation/s and forwards them to the desired target host or service on the Internet. When the target replies to such requests, the Proxy takes care of routing the incoming responses back to the internal workstation/s that initiated the process.

Being the Proxy the only machine of your network actually accessing the Internet, it prevents the other machines and the internal segment of your network (LAN) from being accessible by external actors and hence from being exposed to threats and intrusion attempts.

Additionally, a Proxy server can offer a variety of other services such as web content caching and filtering.

 

9. Which types of Proxy servers are commonly used and where?

Proxy server are commonly found within enterprise-grade networks. In the vast majority of cases proxies are not used by individuals since private broadband connections are established through consumer-grade routers that already offer built-in proxy/firewall solutions. An exception is represented by public proxy or proxy chains discussed in details in the section You are using Public proxies and proxy chains to hide your presence or identity

There are two main types of Proxy servers:

9a. Web (HTTP) Proxies

The HTTP (Hypertext Transfer Protocol) defines the rules and the standards for fetching Web content from a Web server and rendering such content on your Web Browser.

A Web Proxy handles only the routing of HTTP requests and HTTP responses. Those requests are transparently generated and sent by your browser whenever you access a Web page.  Such requests are normally sent using specific ports (TCP 80 and TCP 443), hence a Web Proxy usually listens for outgoing HTTP requests coming from your internal network (LAN) only on the TCP ports mentioned above.

9b. SOCKS Proxies

SOCKS (Socket Secure) Proxies are designed to handle any type of traffic (not only HTTP/S traffic), generated by any protocol or program (including Trader Workstation).

 

Notes

1. More information about the servers accessed by the TWS are available in IBKB2816.

2. For an overview of the different special connection options and related requirements, please click here.
For an overview of the FIX infrastructure, please click here

 

How to solve: "Another user is running Tax Optimizer"

Background: 
How do I launch the Tax Optimizer?
To launch Tax Optimizer, login to Client Portal and select Reports followed by Tax Documents. Once you have selected a Day, click on Launch Tax Optimizer. For additional details, please consult the Client Portal Users' Guide
 
Requirements:
  • Tax Optimizer requires the presence of a Java Runtime Environment (JRE) installed on your machine. Should you not have a JRE installed, please go to the web page java.com and install the latest one by clicking the button "Free Java Download". Please follow the instructions on the Java download page to complete the installation.
  • Your operating system should be configured to open the .jnlp files within the Java Runtime Environment. This configuration should be automatically set during the JRE installation. If, for some reason, the file association is broken, we recommend to reinstall the JRE to instate it again.

 

How to overcome the error message "Another user is running Tax Optimizer"?

1. Log in to the IBKR Client Portal
 
2. Click the "Profile icon" in the upper right corner of the IBKR Client Portal and click on Log Out
 
3. Continue selecting one of the two options according to your operating system:

 

If you use Windows

a. Press CTRL + ESC on your keyboard
 
b. Start directly typing the word "Java" and then click on Configure Java from the search results
 
c. In the Java Control Panel, click on Settings...
 
d. Click on the Delete Files...
 
e. This will open Delete Files and Applications window. Check all options listed, then click on OK
 

f. Once you have cleared your Java cache, log back into the Client Portal and try launching Tax Optimizer again. You should now be able to open the application. If you are still not able to launch the Tax Optimizer and you receive the same error as before (Another user is running Tax Optimizer), please perform the additional steps below:

g. Press the key combination Win(Windows Key) + E  and navigate to the directory: C:\Users\<your windows user>\ibto

 
h. Select all files in the ibto folder, right-click on the selection and choose Send to > Compressed (zipped) folder. The zipped file will be created in the same ibto directory
 
i. Compose a New Ticket in the Message Center, informing us of this issue. Please attach the Zip file you created at the previous step (h.) to your ticket
 
 
 

If you use Mac OS

a. Click on Apple icon on the top left and select System Preferences
 
b. Click on the Java icon located at the bottom to open the Java Control Panel
 
c. In Java Control Panel, navigate to Web Settings > Temporary Files Settings, then click on Delete Files
 
d. This will open the Delete Files and Applications window. Check all options listed, then click on OK
 

e. Once you have cleared your Java cache, log back into the Client Portal and try launching Tax Optimizer again. You should now be able to open the application. If you are still not able to launch the Tax Optimizer and you receive the same error as before (Another user is running Tax Optimizer), please perform the additional steps below:

 

f. Press the key combination CMD + SHIFT + H, then go to folder ibto
 
g. Select all files in the ibto folder, right-click and select Compress 6 ItemsThe zipped folder will be created in the same directory
 

h. Compose a New Ticket in the Message Center, informing us of this issue. Please attach the Zip file you created at the previous step (g.) to your ticket

 

References:

 

How to fix the "Cannot create ... file" error during TWS installation on MacOS

Background: 

The filesystem permissions are controlled by your machines operating system. One of their functions is to secure your files, preventing unauthorized access or undesired modifications to the system and to your personal data.   

Some software on your computer may modify or override the permissions assigned by the operating system. Under certain circumstances, this prevents the TWS installer from accessing the folder where the application core files have to be created (/users/youruser/home/Applications). In such cases, the TWS installation usually displays the error "Cannot create ... file. Shall I try again?"

In this article we explain how to reset the filesystem permission of the "Applications" folder located under your user home folder in order to allow a smooth run of the TWS installation.
 

Procedure:

 
1. On your keyboard, press ⌘CMD + ⇧Shift +H to open your home folder
 Figure 1
 
2. Select the folder "Applications" within your home folder and press ⌘CMD + I to open the Info panel
 Figure 2
 
2. At the bottom right of the panel, click on the padlock
 Figure 3
 
3. To unlock the permissions panel, enter your MacOS credentials and click OK
 Figure 4
 
4. In the line correspondent to "everyone", click on "No Access" (Figure 5) and then select "Read & Write" (Figure 6)
 Figure 5                                                                            Figure 6
 
 
5. Click on the icon bellow the permissions panel and select “Apply to enclosed items..."
 Figure 7
 
6. Now run the TWS installer and click on Next> until you complete the installation
 Figure 8

7. Once the installation has completed successfully, repeat the previous steps from 1. to 5. setting back the permissions of “everyone” to “Read Only” to revert your changes to the initial status

 

 

Syndicate content