SCCM Bitlocker - will not start encryption

Bumping this back up - trying to get this going again, not getting the bitlocker pop up anymore, but still not encrypting 

• Fresh image of windows 11 23H2 (although this was happening on a W10 machine as well)

• RDP'd in to get screenshots, other than that, it's been on the domain.

• Installed via this site https://www.systemcenterdudes.com/sccm-mbam-integration/

here is the full troubleshooting that i've done

• MP is EHTTP 

• IIS Site on MP is HTTPS 

• Client is in an OU with no GPO's for BL

• Client is completely decrypted

1. Created Policy

2. Deployed it to my test collection

3. MP created folder G:\SMS_CCM\Microsoft Bitlocker Management Solution 

4. MP created IIS site SMS_MP_MBAM

   1. SSL settings defaulted to "Require SSL" and "client certificates > ignore" (keeping this setup for now)

5. Client received and installed the MDOP MBAM software 

6. Client - Manage-bde -status shows fully decrypted, protection off, bitlocker version 2.0

7. Client - Bitlockermanagement_grouppolicyhandler.log shows the same "could not check enrollment URL" error

8. Client - Policyagentprovider.log does show settings changes right after i created the change

9. Client - Regedit under the FVE group doesn't show "KeyRecoveryServiceEndPoint" 

   1. Screenshots below

   2. shows all settings HAVE gone down

10. Event viewer still showing the error "unable to connect to the MBAM recovery and hardware service" 

11. Client - can get to the HTTPS site of the MP via the following 

12. https://<FQDN>/  

13. https://<FQDN>/sms_mp_mbam/ (asks for ID and PW) 

14. https://<FQDN>/sms_mp_mbam/coreservice.svc 

    1. Screenshot below

15. changed SSL settings on SMS_MP_MBAM to accept client certs - same issue 

16. changed SSL settings on the default MP site to accept client certs - same issue

it's somehow unable to communicate but i'm really unsure how if it's able to get to the HTTPS sites without any issue