Ok good to know, I do want the functionallity to work however. I have made some progress, most are now showing Web Access protection is non-functional. Seems on those systems even with the policy defined to force it on it fails to start. Locally it's locked/greyed out, and set to off! If I try a manual update I get:
If I check into the advanced settings on the client the user/pass is there. Same policy/settings as my fully working clients.