The problem was (oh, how we laughed) that the Openreach engineers could not run the Openreach diagnostics as instructed by 2nd line support. They could only get Java security errors. Though they spent the whole afternoon trying (top marks for tenacity, I guess).
Then when the engineer reported back, it went down as a fail, so Openreach would send another engineer, who would encounter exactly the same problem and again waste an afternoon of his and my time.
3rd time around, the engineer didn't attend the premises because he knew perfectly well what would happen. (This annoyed my provider.)
Then when my provider escalated, Openreach proposed a 4th engineer visit. Without having resolved the Java security issue!
My provider, to their credit, put their foot down and insisted on the fault being transferred to the Complex Fault Team, who resolved it almost immediately.