I have a cluster of 5 failover pairs, 4 are in a workgroup while 1 pair is in a domain. Credentials for the built-in administrator is the same on all agents.
When the agent in a domain tries to connect to another agent(workgroup), SLNet authenticates via "domain\hostname$"(computer account) while agents in a workgroup authenticates via "NT_authority\anonymous". Unfortunately this results in authentication to fail using "domain\host$" and thus the agent in domain cannot communicate with the rest of the cluster while the 4 agents in a workgroup have no communication issues.
Skyline worked around the issue by configuring connection strings for the agent in a domain.
However, the users would like an explanation in order to understand how SLNet authentication is working on their setup, therefore they want to know:
1. Does DataMiner support this type of architecture where some agents are in a domain while others are not?
2. Why authentication is different between agents in a domain and agents in a workgroup?
3. Is it not possible to use "NT_authority\anonymous"?
4. If it Windows who decides to authenticate via "domain\hostname$"? Can DataMiner not avoid this?
From an IT point of view it sounds very normal that DMA's that are in the same cluster need be in the same workgroup/domain. This is also the case when you configure a Windows server cluster.
I think that's also why we used to set the workgroup name to "Skyline" during the manual DMA installations. This step can still be found in old installation manuals.