Workgroup and Multi-Domain Clusters in Windows Server 2016

Hi, folks!

In Windows Server 2012/2012 R2 and previous versions, there is one global requirement for cluster : single-domain joined nodes . Active Directory Detached cluster, which was introduced in 2012 R2, has the same requirement and does not provide advanced flexibility either. Beginning from Windows Server 2016 (Technical Preview 3/future RTM)  you have additional options : create cluster with nodes in Workgroup and create cluster in multi-domain environment.

My demo:

WS 2016 TP3 on tp3-1 and tp3-2 nodes. Workgroup joined (default settings). No storage.


Single-Domain clusters:.

  • All servers must be running Windows Server 2016 (TP3 is the latest build of WS 2016 RTM is available. The process and requirements are the same)
  • All servers must have the Failover Clustering feature installed.
PS C:\Users\rlevchenko> Install-WindowsFeature Failover-Clustering -IncludeManagementTools

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {Remote Server Administration Tools, Failo...

Multi-Domain and Workgroup clusters:

  • Failover Clustering mmc is not supported. Use Powershell.

Under local user, Workgroup (same for previous Windows Server ) :

failover cluster manager 2016 workgroup multi-domain

  • To create new cluster you must have local user with administrative privileges on each node. The username and password must be the same on all nodes.
PS C:\Users\rlevchenko> net user /add cluadm Password
The command completed successfully.
PS C:\Users\rlevchenko> net localgroup administrators cluadm /add
The command completed successfully.
  • If you receive error “Requested Registry access is not allowed” you need to changeLocalAccountTokenFilterPolicy value to 1 :
New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1
The command completed successfully.
  • Each cluster node must have a primary DNS suffix.

dns suffix workgroup windows server 2016

  • To create new cluster in Workgroup or Multi-Domain you have to use DNS as an Administrative Access Point. Warning can be safely ignored (see below)
PS C:\Users\rlevchenko> New-Cluster -Name WGCL -Node tp3-1,tp3-2 -AdministrativeAccessPoint DNS  -StaticAddress
WARNING: There were issues while creating the clustered role that may prevent it from starting. For more information
view the report file below.
WARNING: Report file location: C:\Windows\cluster\Reports\Create Cluster Wizard WGCL on 2015.09.02 At 14.26.58.htm


PS C:\Users\rlevchenko> Get-ClusterNode

Name                 ID    State
----                 --    -----
tp3-1                1     Up
tp3-2                2     Up

PS C:\Users\rlevchenko> Get-ClusterResource

Name               State  OwnerGroup    ResourceType
----               -----  ----------    ------------
Cluster IP Address Online Cluster Group IP Address
Cluster Name       Online Cluster Group Network Name

There is 1 warning in the report. It’s expected :

No appropriate disk could be found for the witness disk


Workgroup and Multi-Domain clusters support only Disk Witness or Cloud Witness (Azure Storage). There is no support for File Share Witness (!)

Cloud witness example

Create storage in Azure:

azure cloud witness 1

Note storage account name and primary access key

windows server 2016 azure cloud witness 2

Change witness options in FCM:

windows server 2016 azure cloud witness

Paste access keys from above (azure storage name and account key are required + change service endpoint if it is required (very rare)):

windows server 2016 azure cloud witness 3

Or use Powershell (with default endpoint value, “-Endpoint”):

Set-ClusterQuorum -CloudWitness -AccountName <StorageAccountName> -AccessKey <StorageAccountAccessKey>

The following table summarizes whether this deployment method is supported for a specific cluster workload.

Cluster Workload

Supported/Not Supported

More Information

SQL Server


We recommend that you use SQL Server Authentication for an Active Directory-detached cluster deployment.

File server

Supported, but not recommended

Kerberos authentication is the preferred authentication protocol for Server Message Block (SMB) traffic.


Supported, but not recommended

Live migration is not supported because it has a dependency on Kerberos authentication.

Quick migration is supported.

Message Queuing (also known as MSMQ)

Not supported

Message Queuing stores properties in AD DS.

Some restrictions in TP3:

  • The following tests will incorrectly generate an Error and can safely be ignored:
    • Cluster Configuration – Validate Resource Status
    • System Configuration – Validate Active Directory Configuration
  • The Get-ClusterDiagnostics cmdlet is not supported on Workgroup and Multi-domain clusters in the Windows Server 2016 TP3 release.

I’ll keep this post up-to-date.

Designing Software-Defined Storage for Windows Server

Software-Defined Storage Design Calculator (Excel, current version 1.0, does not support Windows Server 2016 yet):

windows server storage calculator quick:

Advanced mode:

windows server storage calculator advanced


New published guide on TechNet:

Software-Defined Storage Design Considerations Guide

Who is this guide intended for? Information technology (IT) professionals within small, medium, and large organizations who are responsible for designing a storage solution that supports virtualized or other workloads.

How can this guide help you? You can use this guide and the Software-Defined Storage Design Calculator spreadsheet to design a storage solution that uses the Storage Spaces and Scale-Out File Server functionality of Windows Server 2012 R2 along with cost-effective servers and shared serial-attached SCSI (SAS) storage enclosures.

Storage Spaces is a software-defined storage technology that enables you to virtualize storage by grouping SSDs and hard disks into storage pools and then creating high-performance and resilient virtual disks, called storage spaces, from available capacity in the pools. You can then place Cluster Shared Volumes (CSVs) and file shares on these virtual disks, which in turn host data for your workloads

%d bloggers like this: