So, a simple version for anyone that runs a custom CA for the Fleet/Endpoint integration.
Using Fleet to manage your agents will delete the CA certificate if you put it in the Agent folder when you deploy it initially. The agent should be pulling from the local machine certificate store for a list of trusted CAs but fails to do so, resulting in having to add the CA externally. 90% of the failures that show up are CA related when streaming data from the agent to Elastic.
It's also something interesting to note. This has an unintended side effect that 1 in every 25 machines seems to suffer from. When the agent restarts you lose the data, as expected, as it's no longer able to connect to ES. It will attempt to establish network connections endlessly, resulting in thousands of network sessions being spammed (17,415 from one server). Add the CA file back and restart the agent and all is happy. During this time no logs are sent to ES, so you're scratching your head as to what's going on.