Forum Discussion

Jeremy160
Copper Contributor
Jul 04, 2021

Unable to Hybrid Join computers

Hi there, 

We have a Server 2016 Standard server that runs AAD Connect; it syncs users and password hashes to 365, and this all works fine. Most of the computers appear in 365 as "Azure AD Registered"; however, we want them to be Hybrid Joined so that we can manage them with Intune.

We have followed the guides on setting this up, created the 2 x CNAME records, and used the GPO to push out the settings (confirmed it's working on the computers); however, none of them are joining.

I am seeing some errors:

- On the computer objects, under Properties > Attribute Editor > userCertificate, no certificate is being generated.

- When I run dsregcmd /status on a computer, I am seeing errors such as the device does not exist in Azure.

- Looking at AAD Sync, if I run the PowerShell troubleshooter I see the following: I get Successful for "is found in AD Connector Space" and "is found in Metaverse", and I get the error for "is not found in AAD connector space".

- This then led me to the 3 rules, as it was not meeting the requirements, and so I disabled them all, but it's not working, as if it does not have a certificate then it won't sync; effectively the Device JoinSOAInAD and Device STKKey rules.

I think I am missing something here but can't seem to figure it out!
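An added PowerShell example, not from the original thread, that collects the two pieces of evidence Jeremy160 describes in one place: which AD computer objects still have no userCertificate value (the thing the "In from AD - Computer Join" rule needs before the object can reach the AAD connector space), and the join flags reported by dsregcmd /status on a workstation. It assumes the RSAT ActiveDirectory module on the machine that runs the AD query; the OU path and report location are placeholders.

```powershell
# Added example (not code from the original post). Gathers the evidence the
# post describes so you can see which machines are not yet eligible for
# Hybrid Azure AD join. Assumes RSAT ActiveDirectory for the AD query; the
# OU and report path below are placeholders (assumptions).

function Get-DeviceCertReport {
    param(
        # Assumption: restrict to the OU that holds your workstations.
        [string]$SearchBase = 'OU=Workstations,DC=example,DC=local',
        [string]$Report     = "$env:TEMP\hybrid-join-report.csv"
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # The Automatic-Device-Join scheduled task writes a self-signed device
    # certificate into userCertificate. Objects without it are never projected
    # by the 'In from AD - Computer Join' sync rule, which matches the
    # "not found in AAD connector space" symptom from the post.
    $computers = Get-ADComputer -Filter * -SearchBase $SearchBase `
        -Properties userCertificate, operatingSystem, lastLogonDate

    $rows = foreach ($c in $computers) {
        $subject  = $null
        $notAfter = $null
        if ($c.userCertificate.Count -gt 0) {
            # userCertificate is multi-valued DER; decode the first blob to
            # confirm it really parses as a certificate and read subject/expiry.
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                        [byte[]]$c.userCertificate[0])
            $subject  = $cert.Subject
            $notAfter = $cert.NotAfter
        }
        [pscustomobject]@{
            Name        = $c.Name
            OS          = $c.operatingSystem
            LastLogon   = $c.lastLogonDate
            HasUserCert = ($c.userCertificate.Count -gt 0)
            CertSubject = $subject
            CertExpires = $notAfter
        }
    }
    $rows | Export-Csv -NoTypeInformation -Path $Report
    return $rows
}

function Get-DsRegState {
    # Parse the 'Name : Value' lines of dsregcmd /status into one object so the
    # join state can be read (or compared across machines) without eyeballing it.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        DomainJoined  = $state['DomainJoined']
        AzureAdJoined = $state['AzureAdJoined']   # YES together with DomainJoined YES = hybrid joined
        TenantName    = $state['TenantName']
        DeviceId      = $state['DeviceId']
        AzureAdPrt    = $state['AzureAdPrt']
    }
}

# Run from a machine with RSAT: list the computers still missing a certificate.
Get-DeviceCertReport | Where-Object { -not $_.HasUserCert } | Format-Table -AutoSize

# Run on an affected workstation: the flags that should read YES for a hybrid join.
Get-DsRegState
```

If a computer shows HasUserCert = False, the problem is on the client side (the device registration task has not completed), so disabling or editing the AAD Connect sync rules will not help; if the certificate is present but the object is still absent from the AAD connector space, the sync rules and the SCP configuration are the next things to look at.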

  • boneyfrancis
    Iron Contributor
    Hi Jeremy160,

    To begin with, the difference between the various options are explained here: https://docs.microsoft.com/answers/storage/attachments/19291-image.png
    What you’re apparently looking for is converting from #4 to #2. Unfortunately there may not be an easy way around this; the devices may need to be disjoined and rejoined, AFTER Hybrid Azure AD is properly configured. Regarding the errors you’re seeing, it’d be best to open a support ticket with MSFT on the same.
