Hey RizingAdmin,
My server was validating without issue as well, but still was operating like it was broken in half. It may seem odd but as you said, can't rule anything out!
We attempted the same, an entirely new 11.2 server with WFM on it, and it still did not operate. My techs had a 11.2 environment open and ready to go, but somehow their tests worked, when mine didn't. I also inquired on why 11.1 WFM worked without issue, while 11.2 fails completely, that was then again blamed on a change that my network team may have made, I assume that's what the default push is.
What they're now stating is that they believe this is a certificate issue, when once again, it was working without issue in 11.1 with self-signed certificates, and a broken CA signed certificate. I'm not sure what the method of testing they've given you for your network, but please ensure they do not use Test-NetConnection without knowing that a process needs to be listening for that to return true. Even if the ports are open on your machine, they will fail unless a process is listening and you will be told it's your network. If you'd like, I have a PowerShell script that will listen on any port you'd like, and once Test-NetConnection is ran, it will return true as something is listening, it will not work on closed ports of course, so it's a valid test.
I agree that we're in the "early adopter" area and we're facing the repercussions, the support so far has not made really any movement, if anything we're just been in the same spot for 2+ weeks now. Hopefully everything on your side works out! I'll place any updates I get in here.