We have an ongoing issue with WEF and WECs when new WEFs are added to the Security Group which is Source for the WEC.
WEFs are configured through GPO which targets the correct WEC for the Site, and then has a Security Group as Source in the Subscription.
The issue is that when we add a new Server to that Security Group, it gets the GPO applied but it can't connect to the WEC.
Error code is 5 and message is Access Denied.
The weird thing is that if we wait for a random extended period of time, the WEC starts accepting the WEF and the issue solves itself, without any modifications from our side.
Another weird thing is that if we add that new Server directly as a Source in the WEC subscription instead of through the Security Group, it starts working immediately.
We already tried rebooting the WEC, removing and re adding the Security Group as Source, doing a Kerberos purge.
The only thing we haven't tried because we can't is rebooting the new added WEFs, which would be very impractical if we need to add a lot of servers at the same time, many of them being in Production.
I'm out of ideas on why this is happening.