> 1) Is there a way to remove the "Protocol failure" related to the disabled Windows Firewall, or do I have to remove the Remote Experience Agent from the parent VM and recompose?
Yes, don't install the HTML Access component on the agent if it's not functional. If it's not installed, it won't be in the protocol list in an error state.
> 2) Does the pool only recognize "Available" VMs towards the spare count, accounting for why all of my desktop VMs are running and none will power down?
VMs in a "protocol failure" state should still count as available, as the VM is online and responding - if there's no existing session on them.