VMware Cloud Community
balzerb
Contributor

Hypervisor (ESXi 7.0 U2) will not join to Active Directory

I have two hypervisors running the Dell custom ESXi 7.0 update 2 image with no vCenter management.  One of them I was able to join to Active Directory with no problem at all.  The other one keeps failing to join.  This is what I'm seeing in syslog when attempting to join:

 

2021-04-26T14:56:38Z lwsmd: [lsass] Joining domain MYDOMAIN.NET
2021-04-26T14:56:38Z lwsmd: [lsass] Affinitized to DC 'AD1.mydomain.net' for join request to domain 'MYDOMAIN.NET'
2021-04-26T14:56:38Z lwsmd: [netlogon] Filtering list of 2 servers with list of 0 black listed servers
2021-04-26T14:56:48Z lwsmd: [lwio] GSS-API error calling gss_init_sec_context: 851968 (Unspecified GSS failure.  Minor code may provide more information)
2021-04-26T14:56:48Z lwsmd: [lwio] GSS-API error calling gss_init_sec_context: 100005 (Clock skew too great)
2021-04-26T14:56:48Z lwsmd: [lsass] Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 31, symbol = ERROR_GEN_FAILURE, client pid = 2168647

 

I presume the clock skew is the culprit, but I'm confused as to why it thinks there is a skew in the first place.  I have both hypervisors configured to retrieve time from the same external NTP server.  The time and dates look identical on both hypervisors from both the command line "date" command and from the ESXi web console.  Both hypervisors are in sync with the Active Directory server as well.  The two GSS-API errors look like Kerberos-related errors, but I can't figure out where the disconnect is.  I'm not sure where else to look at this point.

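One way to measure the skew that the Kerberos exchange in the log depends on, the offset between the host's clock and the domain controller itself rather than the external NTP server. This is an added example, not part of the original post. It assumes the DC answers SNTP on UDP 123 and that the domain uses the default Kerberos tolerance of 300 seconds; the function names are illustrative.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
KRB5_MAX_SKEW = 300           # assumption: default Kerberos clock tolerance (5 minutes)

def _ntp_to_unix(sec, frac):
    """Convert a 64-bit NTP timestamp (seconds, fraction) to Unix seconds."""
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def offset_from_reply(reply, t1, t4):
    """Server-minus-client clock offset in seconds, per the SNTP formula.
    t1 = local send time, t4 = local receive time (Unix seconds)."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:
        raise ValueError("unusable reply (mode=%d stratum=%d)" % (mode, stratum))
    # Bytes 32-39: server receive timestamp; bytes 40-47: server transmit timestamp.
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = _ntp_to_unix(rx_s, rx_f), _ntp_to_unix(tx_s, tx_f)
    return ((t2 - t1) + (t3 - t4)) / 2

def query_offset(server, timeout=5.0):
    """Send one SNTP client request to `server` and return its clock offset."""
    request = b"\x23" + 47 * b"\x00"  # LI=0, VN=4, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return offset_from_reply(reply, t1, t4)

def verdict(offset, limit=KRB5_MAX_SKEW):
    """Classify an offset against the Kerberos tolerance."""
    return "SKEW_TOO_GREAT" if abs(offset) > limit else "WITHIN_TOLERANCE"

if __name__ == "__main__":
    import sys
    # Usage: pass each DC and NTP server hostname as an argument.
    for host in sys.argv[1:]:
        off = query_offset(host)
        print("%-30s offset %+9.3f s  %s" % (host, off, verdict(off)))
```

Running it against every DC that netlogon might select, as well as the NTP server, shows whether any one of them disagrees with the host by more than the tolerance.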