The BPA showed no evidence either. Used a simple telnet test from the FE to the CE over ports 8057 and 5062. All working.
Searching for Event ID 41025 on TechNet, I found a post, quoted below:
"For the 41024, 41025, 41026 loop of errors, the issue was tracked down to a strange certificate issue.
On the Edge External NIC I had used one vendor's for the UCC certificates (GoDaddy), as well I used that same vendor for the certificates on Exchange, TMG, and on the FE server NIC BUT for the internal facing edge NIC I had used a different vendor (RapidSSL) as I already had it.
I replaced the certificate from the one vendor with essentially the same thing but issued from the same vendor as all the other certificates in the deployment (GoDaddy)"
Ok, probably a good idea to check the cert assignments on the Edge Server. Turns out that I was using the same GoDaddy cert on the internal and external interfaces. Mmm...
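
The certificate check described above, as an added example that is not part of the original post: it groups Edge certificate assignments by thumbprint to show which usages share a certificate and whether more than one issuer is in play. The function name `Get-EdgeCertSummary` and the sample objects are assumptions made for illustration; `Use`, `Thumbprint`, `Issuer` and `NotAfter` are properties returned by `Get-CsCertificate`.

```powershell
# Added example; requires PowerShell 3.0 or later.
# On the Edge Server itself, replace the constructed sample with:
#   Get-CsCertificate | Get-EdgeCertSummary
function Get-EdgeCertSummary {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$Assignment
    )
    begin   { $all = @() }
    process { $all += $Assignment }
    end {
        # One row per distinct certificate, with every usage bound to it.
        $all | Group-Object -Property Thumbprint | ForEach-Object {
            $uses     = @($_.Group | ForEach-Object { "$($_.Use)" } | Sort-Object)
            $external = @($uses | Where-Object { $_ -ne 'Internal' })
            [pscustomobject]@{
                Thumbprint = $_.Name
                Issuer     = $_.Group[0].Issuer
                NotAfter   = $_.Group[0].NotAfter
                Uses       = $uses -join ', '
                # True when the internal interface shares a certificate with an external usage.
                SharedInternalExternal = ($uses -contains 'Internal') -and ($external.Count -gt 0)
            }
        }
    }
}

# Constructed sample shaped like Get-CsCertificate output (placeholder thumbprints and issuers).
$expiry = [datetime]'2030-01-01'
$sample = @(
    [pscustomobject]@{ Use = 'Internal';                 Thumbprint = 'PLACEHOLDER-A'; Issuer = 'CN=Constructed CA One'; NotAfter = $expiry }
    [pscustomobject]@{ Use = 'AccessEdgeExternal';       Thumbprint = 'PLACEHOLDER-A'; Issuer = 'CN=Constructed CA One'; NotAfter = $expiry }
    [pscustomobject]@{ Use = 'DataEdgeExternal';         Thumbprint = 'PLACEHOLDER-A'; Issuer = 'CN=Constructed CA One'; NotAfter = $expiry }
    [pscustomobject]@{ Use = 'AudioVideoAuthentication'; Thumbprint = 'PLACEHOLDER-B'; Issuer = 'CN=Constructed CA Two'; NotAfter = $expiry }
)

$summary = $sample | Get-EdgeCertSummary
$summary | Format-Table -AutoSize

# Report when the assigned certificates do not all come from one issuer.
$issuers = @($summary | Select-Object -ExpandProperty Issuer -Unique)
if ($issuers.Count -gt 1) {
    Write-Warning "Edge certificates come from $($issuers.Count) issuers: $($issuers -join '; ')"
}
```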