fighting for truth, justice, and a kick-butt lotus notes experience.

Traveler HA running on MS SQL Server issue with TLS 1.2 and travelerutil command

 5 April 2019 17:57:17
Last week I installed a new Traveler HA environment at customer side.

We started with Traveler on Domino 10.0.1 from scratch with a Microsoft SQL Server in the back.

When running the travelerutil command to configure the MS SQL connection, we were not able to connect to the MS SQL system seeing the following error: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

The reason for the error, was quickly found and IBM published a matching Technote 2 day earlier on 27th of March.

The MS SQL server is now using TLS 1.2 by default.

The root cause of the issue is the IBM JVM being used by the Domino server for both the HTTP and Traveler tasks.  By default, the IBM JVM tries to use TLS 1.0 and does not retry using TLS 1.2 unless certain JVM options are specified.

If you have an existing Traveler service pool and MS SQL server in the back and your MS SQL admin enabled TLS 1.2, you will be in trouble.

You will have to launch the Domino JVM with an additional JVM option:

The IBM Technote explains the three needed steps in detail:

Step 1:

Create a new file in the domino_data/traveler/cfg folder containing:

Step 2:

Set the following notes.ini JavaUserOptionsFile property to point to the new file created in Step 1


Linux:  JavaUserOptionsFile=/local/notesdata/traveler/cfg/
Windows:   JavaUserOptionsFile=C:\Program Files\Domino\data\traveler\cfg\

Note: If JavaUserOptionsFile parameter already specifies a JVM Options file, simply append this setting the JVM Options file already being used:

Step 3:

Set the notes.ini NTS_JAVA_PARMS property on all Traveler servers.

Note:  If NTS_JAVA_PARMS is already defined, add a space and to the existing value.  

So we created the file and added the JavaUserOptionsFile and NTS_JAVA_PARMS notes.ini properties, restarted the server,  but the travelerutil tool still did not work.

The traveler util is a simple commandline script executing a Java program.

To get it working you will have to add the option to the travelerutil script, too.

Here is an example:  Red marked - what and where we add the option

@echo off

pushd "E:\Lotus\Domino\data"


set PATH=D:\Lotus\Domino;D:\Lotus\Domino;%PATH%

"D:\Lotus\Domino\jvm\bin\java.exe" -cp "D:\Lotus\Domino\Traveler\lib\*""E:\Lotus\Domino\data" com.lotus.sync.util.OfflineUtilities "D:\Lotus\Domino" "E:\Lotus\Domino\data" "D:\Lotus\Domino\notes.ini" %*


After the changes all works fine :-)


1Chris McKenzie  28.05.2019 02:53:51  Traveler HA running on MS SQL Server issue with TLS 1.2 and travelerutil command


I am wanting to set up Traveler HA running on a Availability Group on MS SQL. For this I need to configure traveler to use a windows account to access the database. I can find examples using only SQL login.

Can you please point me to documentation or example that uses traveler HA with a SQL Availability group?



2Detlev Poettgen  30.05.2019 11:45:35  Traveler HA running on MS SQL Server issue with TLS 1.2 and travelerutil command

just send you an mail.

  • Hinweis zum Datenschutz und Datennutzung:
    Bitte lesen Sie unseren Hinweis zum Datenschutz bevor Sie hier einen Kommentar erstellen.
    Zur Erstellung eines Kommentar werden folgende Daten benötigt:
    - Name
    - Mailadresse
    Der Name kann auch ein Nickname/Pseudonym sein und wird hier auf diesem Blog zu Ihrem Kommentar angezeigt. Die Email-Adresse dient im Fall einer inhaltlichen Unklarheit Ihres Kommentars für persönliche Rückfragen durch mich, Detlev Pöttgen.
    Sowohl Ihr Name als auch Ihre Mailadresse werden nicht für andere Zwecke (Stichwort: Werbung) verwendet und auch nicht an Dritte übermittelt.
    Ihr Kommentar inkl. Ihrer übermittelten Kontaktdaten kann jederzeit auf Ihren Wunsch hin wieder gelöscht werden. Senden Sie in diesem Fall bitte eine Mail an blog(a)poettgen(punkt)eu

  • Note on data protection and data usage:
    Please read our Notes on Data Protection before posting a comment here.
    The following data is required to create a comment:
    - Name
    - Mail address
    The name can also be a nickname/pseudonym and will be displayed here on this blog with your comment. The email address will be used for personal questions by me, Detlev Pöttgen, in the event that the content of your comment is unclear.
    Neither your name nor your e-mail address will be used for any other purposes (like advertising) and will not be passed on to third parties.
    Your comment including your transmitted contact data can be deleted at any time on your request. In this case please send an email to blog(a)poettgen(dot)eu