Set up and configure BitLocker Network Unlock remotely
Got a question around BitLocker Network Unlock.
Thought it would be useful first to add some details of the infrastructure:
2008 R2 domain controllers (yes, I know!)
Windows-based PKI infrastructure
Server 2019 running Windows Deployment Services
Using MBAM
BitLocker 256-bit encryption used with a startup PIN
Windows 10 Enterprise, managed using Microsoft Endpoint Configuration Manager 1910
So, after a successful implementation of BitLocker, we now want to move to the next stage: implementing Network Unlock on machines on the internal network.
Followed this article https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock#bkmk-unsupportedsystems
All configuration on the server side is complete; the certificate is valid and is on the client. BitLocker config is currently performed by MECM at OSD, with additional policies set within GPO, including Network Unlock set to Enabled. Running manage-bde -status shows a Network (certificate based) key protector with the correct certificate thumbprint, which is also shown in the registry.
Does anyone have any experience with Network Unlock? Whilst the core requirement is Windows Server 2012, I understand this is for the WDS server (which is Server 2019), and you can still use this with 2008 DCs, as mentioned in the article, but I am struggling to understand why it still doesn't work.
I have tried the implementation on both a desktop and a laptop. The laptop doesn't have an onboard network card (as with most new thin laptops) and has to use an Ethernet adapter. All the requirements on the client side have been met, such as TPM, native mode, etc., so it should still work, and it is able to PXE boot successfully for the OSD build.
Any suggestions would be greatly appreciated.
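As an added example (not part of the original post, and not Microsoft's own tooling), the following PowerShell function gathers the client-side facts the post describes into one object: firmware mode, TPM state, the Network (certificate based) protector and its thumbprint as manage-bde reports it, the thumbprint the GPO delivered to the registry, the policy value, and which wired adapters have DHCP. The registry locations (FVE_NKP\Certificates for the deployed certificate, FVE\OSManageNKP for the "Allow network unlock at startup" policy), the exact text layout of the manage-bde protector output, and the use of $env:firmware_type for the UEFI check are assumptions made here, not facts from the post. Run it elevated on the client.

```powershell
# Added example, not from the original post: collect the client-side Network Unlock
# prerequisites into one object so they can be compared side by side.
# Labelled assumptions:
#   - registry key FVE_NKP\Certificates holds the GPO-deployed unlock certificate
#     (one subkey per thumbprint)
#   - registry value FVE\OSManageNKP = 1 is "Allow network unlock at startup" Enabled
#   - "manage-bde -protectors -get" prints a "Certificate Thumbprint: <40 hex>" line
function Test-NetworkUnlockClient {
    [CmdletBinding()]
    param(
        [string]$Drive = $env:SystemDrive
    )

    # Firmware: Network Unlock needs UEFI native mode (no CSM/legacy boot).
    # $env:firmware_type reads 'UEFI' or 'Legacy' on Windows 8 / Server 2012 and later.
    $firmware = $env:firmware_type

    # TPM must be present and ready; Get-Tpm is in the in-box TrustedPlatformModule module.
    $tpm = Get-Tpm

    # Key protectors as manage-bde reports them (the check described in the post).
    $protectorText = (& manage-bde.exe -protectors -get $Drive 2>&1) -join "`n"
    $hasNetworkProtector = $protectorText -match 'Network \(certificate based\)'

    # Assumption: certificate-based protectors print "Certificate Thumbprint: <40 hex chars>".
    $thumbFromProtector = $null
    if ($protectorText -match 'Certificate Thumbprint:\s*([0-9A-Fa-f]{40})') {
        $thumbFromProtector = $Matches[1].ToUpperInvariant()
    }

    # Assumption: the Network Unlock certificate deployed by GPO lands under this key.
    $nkpCerts = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates'
    $thumbsFromRegistry = @()
    if (Test-Path $nkpCerts) {
        $thumbsFromRegistry = @((Get-ChildItem $nkpCerts).PSChildName | ForEach-Object { $_.ToUpperInvariant() })
    }

    # Assumption: "Allow network unlock at startup" = Enabled writes OSManageNKP = 1 here.
    $fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policyEnabled = $false
    if (Test-Path $fvePolicy) {
        $policyEnabled = ((Get-ItemProperty -Path $fvePolicy -ErrorAction SilentlyContinue).OSManageNKP -eq 1)
    }

    # Network Unlock runs over a wired, DHCP-configured NIC; list what the OS currently sees.
    $wiredAdapters = Get-NetAdapter -Physical |
        Where-Object { $_.Status -eq 'Up' -and $_.MediaType -eq '802.3' } |
        ForEach-Object {
            $ip = Get-NetIPInterface -InterfaceIndex $_.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
            [pscustomobject]@{ Name = $_.Name; Description = $_.InterfaceDescription; Dhcp = ($ip.Dhcp -eq 'Enabled') }
        }

    [pscustomobject]@{
        Drive               = $Drive
        FirmwareType        = $firmware
        UefiNative          = ($firmware -eq 'UEFI')
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        NetworkUnlockPolicy = $policyEnabled
        HasNetworkProtector = $hasNetworkProtector
        ProtectorThumbprint = $thumbFromProtector
        RegistryThumbprints = $thumbsFromRegistry
        ThumbprintsMatch    = ($null -ne $thumbFromProtector -and $thumbsFromRegistry -contains $thumbFromProtector)
        WiredAdapters       = $wiredAdapters
    }
}

# Usage (elevated prompt on the client):
Test-NetworkUnlockClient | Format-List
```

The value of running this on both the desktop and the laptop is the side-by-side comparison: a mismatch in ThumbprintsMatch points at certificate deployment, a false NetworkUnlockPolicy at the GPO, and an empty WiredAdapters list (or one showing only a USB Ethernet adapter) at the boot-time network path, which is where the laptop case differs from the desktop.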