If you are using https as their protocol to collect logs from winrm and you ran the winrm quickconfig -transport:https , compare the certificate thumbprint in the winrm listener to the certificate that you have imported to the agent using the keytool -importcert command.
You will notice the "winrm quickconfig -transport:https" command created the certificate thumbprint For E.g. (8f 37 6c 13 fa 2a 55 49 8c 21 77 db e7 a2 a6 d6f6 82 64 e9) no space between d6 and f6 which is wrong it should be(8f 37 6c 13 fa 2a 55 49 8c 21 77 db e7 a2 a6 d6 f6 82 64 e9)
winrm quickconfig -transport:https command does this by default.
Remove the old winrm https listeners from the client machine and created the winrm https manually.