Its good that you figured out the solution. This was mentioned in installation guide. Some details are here.
If your cluster machines are in workgroup you need to use Local User account and this account must have the folliwing permisstions:
Generate Security Audits, Bypass traverse checking, and Logon as a service
Grant the account this permission by using the Local Security Policy (Secpol.msc) tool, and moving to the following path: Secpol.msc, Security Settings, LocalPolicies, and User Rights Assignment. Add the account to each of the policies listed above.
Please refer to Installation Guide for more details.