EMS/EAC broken for coexistence Exchange 2013 setup: "The WinRM client cannot process the request" / 403 Sorry! Access denied :(

We are attempting to setup a new Exchange 2013 environment in coexistence with our Exchange 2010 environment.  All Exchange 2010 servers have been updated to SP3.  We have deployed 2 Exchange 2013 servers with the Mailbox role, and 2 servers with the CAS role.  All Exchange 2013 servers were updated to CU1.

When attempting to access EMS on the CAS servers, we get the following error:

New-PSSession : [CAS02.office.example.com] Connecting to remote server CAS02.office.example.com
failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use
Kerberos authentication mechanism, but the destination computer (CAS02.office.example.com:80) returned an
'access denied' error. Change the configuration to allow Kerberos authentication mechanism to be used or specify one
of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the
remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use
Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name
and password. Possible authentication mechanisms reported by server: For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed 

This error repeats as it tries to connect to both CAS servers, then successfully connects to an Exchange 2010 CAS server.

When attempting to connect to ECP, we get the following error: