Thanks for the suggestion. I'd have to check the local clients at the given time to ensure the firewall is set correctly.
I use Group Policy to set the firewall rules, so the failure would be somewhere in there if it did not apply.
Below are the rules for reference. All 3 of those rules you pointed out are in my list.
So far as IGMP enabled on the router\switch, I would need to validate. To my knowledge these same devices are not failing all the time. I'll check with our Networking team to see if they are enabling it by default.
67:UDP:*:Enabled:LANDesk Imaging Broadcast (67)
69:UDP:*:Enabled:LANDesk Imaging PXE TFTP (69)
1759:UDP:*:Enabled:LANDesk Imaging PXE MTFTP (1759)
4011:UDP:*:Enabled:LANDesk Imaging PXE Unicast (4011)
8092:TCP:*:Enabled:LANDesk Remote Console (8092)
9590:TCP:*:Enabled:LANDesk Remote Console (9590)
9591:TCP:*:Enabled:LANDesk Remote Console (9591)
9595:TCP:*:Enabled:LANDesk Agent Discovery (9595\TCP)
9595:UDP:*:Enabled:LANDesk Agent Discovery (9595\UDP)
25:TCP:*:Enabled:LANDesk UDD (25)
139:TCP:*:Enabled:LANDesk UNC (139)
445:TCP:*:Enabled:LANDesk UNC (445)
9535:TCP:*:Enabled:LANDesk Remote Management (9535)
9593:TCP:*:Enabled:LANDesk Software Distribution (9593)
9594:TCP:*:Enabled:LANDesk Software Distribution (9594)
9971:TCP:*:Enabled:LANDesk AMT Discovery (9971)
9972:TCP:*:Enabled:LANDesk AMT Notification (9972)
12174:TCP:*:Enabled:LANDesk Remote Execute (12174)
16992:TCP:*:Enabled:LANDesk HTTP AMT Management (16992)
16993:TCP:*:Enabled:LANDesk HTTPS AMT Management (16993)
16994:TCP:*:Enabled:LANDesk AMT Hello Packet
33354:TCP:*:Enabled:LANDesk Software Distribution Peer Download\Multicast (33354\TCP)
9535:UDP:*:Enabled:LANDesk Device Discovery XDD (9535)
33354:UDP:*:Enabled:LANDesk Software Distribution Multicast (33354\UDP)
33355:UDP:*:Enabled:LANDesk Software Distribution Multicast (33355\UDP)