
We have a total of 6 domain controllers, 2 of which (dc03/04) have just been created. I'm able to PSRemote between all of the older DCs, and between 03 & 04, but I'm not able to PSRemote between the older DCs and the newly-created ones. I'm able to use my (Domain Admin) credentials to log in via RDP to all of the DCs.

PS C:\Windows\system32> Get-ADDomainController -Filter * -Server $DomainName |Select-Object Hostname,OperatingSystem

Hostname                   OperatingSystem
--------                   ---------------
dcsrv02.example.com    Windows Server 2016 Standard
DC01.example.com     Windows Server 2019 Datacenter
dcsrv01.example.com    Windows Server 2016 Standard
DC02.example.com     Windows Server 2019 Datacenter
dc03.example.com     Windows Server 2019 Standard
dc04.example.com     Windows Server 2019 Standard

I'm specifically trying to get from dc01 to either 03 or 04 in order to complete Add-DhcpServerv4Failover. The following are all run in a PowerShell session "as administrator" on dc01:

PS C:\Windows\system32> Enter-PSSession -ComputerName dcsrv01.example.com -Authentication Credssp -Credential $cred
[dcsrv01.example.com]: PS C:\Users\myUser\Documents> exit
PS C:\Windows\system32> Enter-PSSession -ComputerName dcsrv02.example.com -Authentication Credssp -Credential $cred
[dcsrv02.example.com]: PS C:\Users\myUser\Documents> exit
PS C:\Windows\system32> Enter-PSSession -ComputerName dc02.example.com -Authentication Credssp -Credential $cred
[dc02.example.com]: PS C:\Users\myUser\Documents> exit
PS C:\Windows\system32> Enter-PSSession -ComputerName dc03.example.com -Authentication Credssp -Credential $cred
Enter-PSSession : Connecting to remote server dc03.example.com failed with the following error message : WinRM cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the
same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName dc03.example.com -Authentication  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (dc03.example.com:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

PS C:\Windows\system32> Enter-PSSession -ComputerName dc04.example.com -Authentication Credssp -Credential $cred
Enter-PSSession : Connecting to remote server dc04.example.com failed with the following error message : WinRM cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the
same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName dc04.example.com -Authentication  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (dc04.example.com:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

The error generated in the Windows Remote Management Operational log is, "WSMan operation CreateShell failed, error code 2150859046." The following were run in a PowerShell session "as administrator" on dc03:

PS C:\Windows\system32> Enter-PSSession -ComputerName dc04.example.com -Authentication Credssp -Credential $cred
[dc04.example.com]: PS C:\Users\myUser\Documents> exit
PS C:\Windows\system32>  Enter-PSSession -ComputerName dc01.example.com -Authentication Credssp -Credential $cred
Enter-PSSession : Connecting to remote server dc01.example.com failed with the following error message : The client cannot
connect to the destination specified in the request. Verify that the service on the destination is running and is accepting
requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM.
If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service:
"winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:2
+  Enter-PSSession -ComputerName dc01.example.com -Authentication ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (dc01.example.com:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Same can be seen when running from 04. All dc0X servers are on the same subnet, while the dcsrv0X servers are on a different subnet. Domain policy has the firewalls disabled for domain controllers (don't get me started), and there is not a proxy configured on any of the DCs:

PS C:\Windows\system32> netsh winhttp show proxy

Current WinHTTP proxy settings:

    Direct access (no proxy server).

Group policy is set to delegate client credentials to all computers in the domain (wsman/*.example.com). Same behavior can be seen by just running Enter-PSSession -ComputerName without specifying auth type & credentials.

Travis
  • On both the new domain controllers, run elevated powershell `Enable-PSRemoting -Force;` to enable PowerShell remoting, open up Windows OS firewall ports, etc. – Pimp Juice IT Sep 04 '22 at 04:06
  • Like I said, I can PS remote between the 2 new DCs w/o issue. – Travis Sep 06 '22 at 15:59

1 Answer


tl;dr - check your switch ports for errors.

This turned out to be the result of a bad port on the switch to which the ESXi host was connected. The port eventually failed, knocking the host and all of its VMs offline.

We've since moved the VMs to a different cluster/storage, and since the move, communication between all DCs has been instantaneous, and without error.

Travis