First published on MSDN on Aug 17, 2015
In Windows Server 2012 R2 and previous versions, a cluster could only be created between member nodes joined to the same domain. Windows Server 2016 breaks down these barriers and introduces the ability to create a Failover Cluster without Active Directory dependencies. Failover Clusters can now therefore be created in the following configurations:
The prerequisites for Single-domain clusters are unchanged from previous versions of Windows Server.
In addition to the pre-requisites of Single-domain clusters, the following are the pre-requisites for Multi-domain or Workgroup clusters in the Windows Server 2016:
new-itemproperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1
Without setting this policy you will see the following error while trying to create a cluster using non-builtin administrator accounts.
Workgroup and Multi-domain clusters maybe deployed using the following steps:
2. Ensure that each node to be joined to the cluster has a primary DNS suffix.
For Multi-domain Clusters ensure that the DNS suffix for all the domains in the cluster is present on all cluster nodes.
3. Create a Cluster with the Workgroup nodes or nodes joined to different domains. You may use the Failover Cluster Manager or Microsoft PowerShell.
Using Failover Cluster Manager
The following video shows the steps to create a Workgroup or Multi-Domain cluster using the Failover Cluster Manager UI.
[video width="1920" height="1080" mp4="https://msdnshared.blob.core.windows.net/media/2016/08/WorkgroupCluster.mp4"][/video]
Using PowerShell
When creating the cluster, use the AdministrativeAccessPoint switch to specify a type of DNS so that the cluster does not attempt to create computer objects.
New-Cluster –Name <Cluster Name> -Node <Nodes to Cluster> -AdministrativeAccessPoint DNS
The following table summarizes the workload support for Workgroup and Multi-site clusters.
Cluster Workload |
Supported/Not Supported |
More Information |
SQL Server |
Supported |
We recommend that you use SQL Server Authentication. This will apply to only SQL Server Always On Availability Groups (AGs). SQL Server Failover Cluster Instances (FCI) will require Kerberos for Active Directory authentication. |
File Server |
Supported, but not recommended |
Kerberos (which is not available) authentication is the preferred authentication protocol for Server Message Block (SMB) traffic. |
Hyper-V |
Supported, but not recommended |
Live migration is not supported. Quick migration is supported. |
Message Queuing (MSMQ) |
Not supported |
Message Queuing stores properties in AD DS. |
The witness type recommended for Workgroup clusters and Multi-domain clusters is a Cloud Witness or Disk Witness. File Share Witness (FSW) is not supported with a Workgroup or Multi-domain cluster.
It is recommended that nodes in a cluster have a consistent configuration. Multi-domain and Workgroup clusters introduce higher risk of configuration drift, when deploying ensure that:
It should be ensured that the cluster node and network names for Workgroup and Multi-domain clusters are replicated to the DNS servers authoritative for the cluster nodes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.