Trying WinRM against all Domains' DCs

I can’t connect to all DCs in our Domain using Invoke-command. Some work but for others, I see this advise:

[DC2] Connecting to remote server DC2.domain.local failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the 
network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local 
subnet.

At the console of a DC, when I run Test-WSMan, I’ll see:

 Test-WSMan
Test-WSMan : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859046" Machine="DC.domain.local"><f:Message>WinRM cannot complete the operation. Verify that the specified computer name 
is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles 
limits access to remote computers within the same local subnet. </f:Message></f:WSManFault>
At line:1 char:1
+ Test-WSMan
+ ~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Test-WSMan], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand
 

PS C:\Windows\system32> WinRM quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
WinRM is already set up for remote management on this computer.

I’ve been told the firewalls have already been configured for 5985/6.

What’s causing access to some DC’s and no access to others?

check to make sure ports 5985 and 5986 are open on your servers first