Hi,  I have the same problem "Unable to run executable on dc3.test.corp, The IseExec remote execution functionality failed to read response"

One difference I have 3 DC in one domain.

dc1 is win server 2012 - ISE-PIC works fine

dc2 is win server 2016 (upgraded from win server 2012) -ISE-PIC works fine

dc3 is win server 2016 - ISE-PIC doesn`t works.

Firewall on dc3  is disabled  and account from which I connect  is domain admin.

ISE dubug constantly  shows  this massage:

"2018-07-25 15:37:47,334 DEBUG [Thread-19][] com.cisco.idc.dc-probe- DCOM timeout reached on DC. Identity Mapping.NTLMv2 = true , Identity Mapping.dc-domainname = test.corp , Identity Mapping.probe = WMI , Identity Mapping.dc-windows-version = Win2016 , Identity Mapping.dc-username = administrator , Identity Mapping.dc-name = dc3.test.corp , Identity Mapping.dc-host = dc3.test.corp/{ip address} , Identity Mapping.server = ise , Identity Mapping.dc-netBIOS = TEST ,
2018-07-25 15:37:52,220 DEBUG [qtp60830820-14 - /][] com.cisco.idc.dc-probe- [ConfigHandler] configuration-server received request
2018-07-25 15:37:57,222 DEBUG [qtp60830820-13 - /][] com.cisco.idc.dc-probe- [ConfigHandler] configuration-server received request "

We just moved a domain controller, by demoting and then promoting it afterwards. Now I receive the same error, and the firewall is ok.

Is there are possibility that all the configuration on the domain controller got rolled back when we demoted it, and have to be done again? Shouldn't the config from ISE automatically apply the proper changes on the DC? 

I read that newer version of ISE takes care of the registry settings etc. Then I only need to "Add DCs", type in user and pass for a account with sufficient privileges, and It should work?  

WMI as protocol for Agent after KB5004442 does not work properly anymore. You have to change it for MS-RPC protocol.