PLu a laptop into the port the printer uses, give the laptop the IP/Subnet/Gateway and DNS the printer is using now, then use Softerra to browse the server the printer cannot reach, does it work? If so, Wireshark the connection to see it and compare it.

It would seem like it either isn't resolving the primary servers IP/Hostname and just skips to the next.

Ok, we are still broken and have absolutely no idea what's going on.

All 5 copiers have been upgraded to firmware 075.091.000.02300.  The 2 from the "working" site still work (when pointed at a DC at any site) and the 3 from the "broken" sites are still broken.  We validated all LDAP, TLS, and cert settings are the same across all 5.  We took a working one and a non-working one, took a capture pointed at their own site's DC's, and took a capture pointed at cross-site DC's.  Below are the results from a working one pointing at the other site's dc, and the broken one pointing at the first site's dc:

This one works fine.  They start talking, and then initiate TLS.  Now below is the "broken" one:

It never even tries to talk TLS and moves onto the 2nd DC (which is a dead-end IP we put in for testing just so we're sure it's only pointing at a single DC).

What setting could cause this?  I tried toggling the TLS setting from the TLS 1.0 (backwards compatible) setting to TLS 1.2 but it didn't change anything.

Correct, Safest bet (always) is to use the tool installer since it figures out what is needed from the printer when you connect it so nothing can get missed

Last question, I promise.  These are all remote (all are 3-12 hours away by car) so I am not doing this until I'm absolutely certain my upgrade plan is ironclad.

The PDF in the firmware you linked has upgrade paths based on 071.xxx, 072.xxx, and 073.xxx families.  All 5 of our copiers are already on 073.xxx families.  The PDF references files different from what is included in the zip. We have the following:

• 729999v3.dlm
• 788101v6.dlm
• WorkCentre_5945-5955_system-sw#07209105431606#ENG_MOD.DLM
• WorkCentre_5945-5955_system-sw#07509100002300#ENG_MOD.DLM

In this case, we would just need to directly install the last file, the WorkCentre_5945-5955_system-sw#07509100002300#ENG_MOD.DLM one, right?  None of the others would be needed?

The i denotes a machine sold with Firmware that started with 072 (Connectkey 1.5). It means nothing more and makes no difference at all, it was a marketing gimmick at best.And Connectkey product before it could just be updated to match it

Firmware for Xerox is decoded using the following

For the 59XX, these are the releases from 073 (You have the first one) up to 075 (Current) and the only thing that changes between the Connectkey controllers (as shown above) will be the 091

Sorry to belabor this point, but the PDF you attached says it's for the 5955i, not the 5955.  Is that going to be compatible?  Here is our exact model string and serial:

Machine Model: Xerox WorkCentre 5955 v1 Multifunction System
Machine Serial Number: A2M738531

We're trying it; we were using the latest version here: https://www.support.xerox.com/support/workcentre-5945-5955/downloads/enus.html?operatingSystem=_allo...

 The versions linked in my attachment on my first post in this thread are 26 versions newer than what you have

We have updated the firmware on 2 of them to the latest we can find (073.091.075.34540) but the option isn't there.