PCI computers no longer receiving WSUS updates after being added to domain
Our PCI computers are no longer receiving WSUS updates after being added to the domain.
We have checked GPO settings and submitted firewall exceptions to open ports 8530 & 8531.
The Windows Update log is showing the following, AI hasn't been terribly helpful in troubleshooting...
"2025/04/03 08:24:10.5755312 7912 7888 Agent FAILED [8024500C] wuauengcore.dll, C:__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp @1831
2025/04/03 08:24:10.5755328 7912 7888 Agent FAILED [8024500C] wuauengcore.dll, C:__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp @1376
2025/04/03 08:24:10.5755340 7912 7888 Agent FAILED [8024500C] wuauengcore.dll, C:__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp @1387
2025/04/03 08:24:10.5755352 7912 7888 Agent FAILED [8024500C] Method failed [CAgentServiceManager::DetectAndToggleServiceState:3018]
2025/04/03 08:24:10.5755361 7912 7888 Agent FAILED [8024500C] SLS sync failed during service registration (cV: aWsdrmNHxE+Owokr.1.0.0.)"
We have no proxy interfering, ICMP has been disabled for PCI compliance, PCI machines can resolve DNS for WSUS server, we've tried clearing the cert URL cache, tried an offline update of the Trusted Root Certs store, we've stopped and restarted wuauserv, bits, cryptsvc and renamed catroot, & scecomp.
We have other comps on protected VLANs that seem to be getting the updates, so I'm almost wondering if this is GPO related, but would greatly appreciate any suggestions and/or recommendations!
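Added diagnostic example (not part of the original post, and not a script from Microsoft or the poster's environment). The quoted log shows the agent failing during an SLS sync while registering an update service; SLS is Microsoft's online Service Locator endpoint, so that step is one a WSUS-only client on an isolated PCI segment should not be depending on. The script below is read-only: it dumps the WSUS policy values a domain GPO is expected to deliver, lists which update services the agent has registered (the online Microsoft Update service is flagged by its well-known service ID), tests the WSUS ports over TCP so disabled ICMP does not skew the result, and tallies the HRESULTs in an exported WindowsUpdate.log. Assumptions: the WSUS address is taken from the registry, and the log was exported with Get-WindowsUpdateLog to its default Desktop location (override with -LogPath). Run it in an elevated PowerShell on an affected machine after gpupdate /force, then compare the output with a working VLAN host.

```powershell
# Read-only WSUS client diagnostics (added example, not code from the original post).
param(
    # Assumption: log exported with Get-WindowsUpdateLog to its default location.
    [string]$LogPath = (Join-Path $env:USERPROFILE 'Desktop\WindowsUpdate.log')
)

$wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auPolicy = Join-Path $wuPolicy 'AU'

function Get-RegValueOrNull([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# 1. Policy values the domain GPO should have written. Compare with a working host.
$settings = [ordered]@{
    WUServer                                     = Get-RegValueOrNull $wuPolicy 'WUServer'
    WUStatusServer                               = Get-RegValueOrNull $wuPolicy 'WUStatusServer'
    UseWUServer                                  = Get-RegValueOrNull $auPolicy 'UseWUServer'
    DoNotConnectToWindowsUpdateInternetLocations = Get-RegValueOrNull $wuPolicy 'DoNotConnectToWindowsUpdateInternetLocations'
    DisableDualScan                              = Get-RegValueOrNull $wuPolicy 'DisableDualScan'
}
'== WSUS policy values =='
foreach ($entry in $settings.GetEnumerator()) {
    $shown = if ($null -eq $entry.Value) { '<not set>' } else { $entry.Value }
    '{0,-45} {1}' -f $entry.Key, $shown
}

# 2. Registered update services. The Microsoft Update service (well-known ID below)
#    is the online one whose registration goes through SLS; a managed WSUS client
#    on an isolated segment should show the WSUS service as default and managed.
$muServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'
"`n== Registered update services =="
$sm = New-Object -ComObject Microsoft.Update.ServiceManager
foreach ($svc in $sm.Services) {
    $note = if ($svc.ServiceID -eq $muServiceId) { '<- online Microsoft Update (needs SLS)' } else { '' }
    '{0,-36} {1,-28} default={2,-5} managed={3,-5} {4}' -f `
        $svc.ServiceID, $svc.Name, $svc.IsDefaultAUService, $svc.IsManaged, $note
}

# 3. TCP reachability of the WSUS ports. Test-NetConnection -Port does a TCP
#    connect, so the PCI ICMP block does not affect the verdict; the ping warning
#    it would print is suppressed.
"`n== WSUS TCP reachability =="
if ($settings.WUServer) {
    $uri = [Uri]$settings.WUServer
    foreach ($port in 8530, 8531) {
        $ok = (Test-NetConnection -ComputerName $uri.Host -Port $port `
                -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0}:{1} -> {2}' -f $uri.Host, $port, $(if ($ok) { 'open' } else { 'BLOCKED/closed' })
    }
} else {
    'WUServer is not set: this client is not targeting WSUS at all (confirm GPO application with gpresult /r).'
}

# 4. Tally FAILED lines by HRESULT so a single dominant code (e.g. 8024500C) stands out.
"`n== Error codes in $LogPath =="
if (Test-Path $LogPath) {
    Get-Content $LogPath |
        Select-String -Pattern 'FAILED \[([0-9A-Fa-f]{8})\]' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.ToUpper() } |
        Group-Object | Sort-Object Count -Descending |
        ForEach-Object { '{0,6}x  0x{1}' -f $_.Count, $_.Name }
} else {
    "Log not found; export it first with: Get-WindowsUpdateLog -LogPath '$LogPath'"
}
```

Reading the output: if section 1 differs between a PCI host and a working VLAN host, the GPO is the place to look, as suspected; if section 3 shows 8530/8531 blocked, the firewall exception has not taken effect; if section 2 lists the online Microsoft Update service as registered on a segment with no internet path, the SLS registration failure in the log is consistent with that service being unreachable rather than with a WSUS problem.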