Hi Don
Do you have any short dumps in ST22 for trusted RFC? Also were you running ST01/05 in the GRC component or the plug-in system?
If you only looked at GRC, have you seen this KB Article (it is for decentrailsed FF)
1944417 - In decentralized firefighting firefighter is not able to perform firefighter logon
It mentions authorization on the FF Id for password change in the satellite.
Userxxx Deletes RFC Destination GRCCLNTXXXX_LD
As far as the _LD Connection, I've seen that in my system logs too. It must be the way SAP have the FF sessions creating - it temporary creates a connection and then deletes it. Must admit, I've been curious too but mine was working so curiosity energy levels were diverted to something that was broken and I forgot to inquire as to why 
It is not deleted the RFC destination that you created as part of configuration and suspect this was quite low level details and too technical to raise in training course.