Released: January 2022 Exchange Server Security Updates

Hi everyone,
I am wondering if anyone can help with an issue we are having when installing Exchange Server 2016 CU21 Jan22SU January 11, 2022 Build 15.1.2308.21 (KB5008631) on our single on premise Exchange server being used for management purposes only (mailboxes are all in O365). Current working version Exchange Server 2016 CU21 June 29, 2021 Build 15.1.2308.8
The server is a VM and we took a snapshot before we installed the patch so we could roll back if we had any issues. The patch was installed using both WSUS and an administrative CMD prompt but we ran into the same problem regardless (the server was restarted after the patch).
The error is as follows when trying to open ECP

Event log ID 1003

From the below article
https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired?preserve-view=true#resolution
we ran
(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List
and got the following error

The article suggests that this issue occurs if the Exchange Server Open Authentication (OAuth) certificate is expired, not present, or not configured correctly which ties in with the above and the Event ID: 1003 errors that we are seeing in Event Viewer and the fix is to deploy a new OAuth certificate to the Exchange server.
However, when we rolled the sever back to a working state (Build 15.1.2308.8) before KB5008631 was applied and successfully managed to get back into the ECP we noticed that when we ran the cmd again the same error is still present!

So my question is why can I get into the ECP on Build 15.1.2308.8 when I get the certificate error and not when installing Build 15.1.2308.21???
How am I going to be able to patch this server going forward?
All help / advice would be gratefully received.
Thanks for reading!
Kind Regards
Robert