Firstly, if you are running a commercial cluster you can open support tickets with a guaranteed SLA instead of mailing list posts.
The answers to your questions are in line, however:
- To diagnose I tried connecting with a dot net client to one node directly using the same connection string format that we use for a single instance “tcp://admin:changeit@endpoint:1113”. Is this a valid diagnostic, or is this not valid for cluster nodes.
Yes, this is valid, but obviously will not get you any of the benefits of automatic client failover etc. Regardless of which node you connect to, writes will be forwarded to the cluster leader transparently and returned to your client.
- In addition we have only IPs for the cluster at the moment, so have to use connection string “GossipSeeds=192.168.0.2:1111,192.168.0.3:1111; HeartBeatTimeout=500” This is missing the credentials, how are they included.
Gossip is on the (unauthenticated) private interface, so no credentials are needed. We have discussed in the past allowing for client certificates for machines here. If you’re concerned about this, you’ll likely want to set up the SSL transit as a minimum rather than using the default unencrypted protocols.