In some corporate networks udp is disabled and connection will fallback to tcp. If you are using the default deployment without http server, it will use tcp to port 443 on jvb, if this is not the case the default is port 4443, which some corporate firewalls will block as it is not port 443.
There are some networks which make deep packet inspection and will detect that the connection to the jvb is not real ssl connection and even on port 443 it will block it.
The solution is to run a turn server on a separate ip address with valid ssl certificate, and that turn server to listen on port 443. This is the case with meet.jit.si.
The clients that were seeing it working on meet.jit.si can easily validate that, expanding local client connection stats will reveal, is it TCP or UDP and whether turn is used.