• A PSC 6.0 node automatically moves out of active directory domain.
   
• In the AD configuration of the PSC, both the Join and Leave buttons are grayed out.
  
  For an external PSC: Appliance Settings > Manage > Active Directory.
  For embedded PSC: vCenter WebClient > Administration > System Configuration > Nodes > <vCenter Node> > Manage > Settings > Active Directory
   
• Joining the domain using CLI succeeds. However, this might revert later.
   
• In the /var/log/messages.log file, you see entries similar to:
  
  Failed to run provider specific request (request code = 12, provider = ‘lsa-activedirectory-provider’) -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 2456
  
  OR
  
  netlogond[3085]: 0x7fa255c8d700: DNS lookup for ‘_ldap._tcp.dc._msdcs.DOMAINNAME’ failed with errno 0, h_errno = 1

This issue occurs because the PSC is unable to communicate to the active directory server / DNS server establishing the network connectivity satisfying all network packets.

Some of the network packets are filtered over firewall and thus resulting in IPfilter Dropped message as shown in symptoms section.

1. Verify that the required ports are open. For more information, see the Required Ports for vCenter Server and Platform Services Controller section in the vSphere 6.5 Upgrade Guide.
    
2. Log in to the PSC appliance through SSH session.
    
3. Run this command to check the status of likewise daemon in the appliance:
   
   /etc/init.d/lwsmd status
    
4. If the daemon is not running, start it by running this command.
   
   /etc/init.d/lwsmd start
    
5. To ensure it starts up automatically as a startup service, run this command.
   
   chkconfig lwsmd on
    
6. Re-try adding the PSC to the domain.