Actually in rereview, out of the 3 that did "work", none are using the longer preferred chain:
They are only serving the single intermediate:
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
I think we are going to be hearing more about these Windows IIS system problems very soon.
Anyone here have an IIS system we can check?