I have read your post several times and I am still lost as to your problem and environment.
It is not clear what 111.111.111.11 and 111.111.111.16 are. Is that Server1? Is that the server that you cannot scan? I have no idea what you are trying to accomplish with all of your comments on those 2 IPs.
Based on my experience (and I emphasize "my experience" because forum users like me do not have sufficient knowledge of everything you are doing and why; refer to your CIS-CAT comment), I would suggest that you start by verifying that each server has only one IP address and that the name is properly registered in DNS and matches the domain name.
So if you "nslookup 111.111.111.11" it returns Server1.MyDomain.com (for example). I would also verify that "ping server1" and "ping server1.mydomain.com" also work. You may need to add mydomain.com to the DNS search suffix list on the NIC if the server name does not resolve.
I am going to assume that you are logged on to ScannerServer.mydomain.com with a mydomain.com userid. And that account is a member of the Administrators group on Server1. And Server1 is also a member of mydomain.com.
On Server1, verify that the Windows Firewall is configured to log dropped packets.
https://www.bing.com/search?q=windows+firewall+log+dropped+packets
On ScannerServer, open a PowerShell prompt and run:
Test-NetConnection -ComputerName Server1 -CommonTCPPort SMB
net.exe view \\Server1
dir \\Server1\c$
If they fail, log on to Server1 and check the Security event log for logon or other failures. Check the firewall log for dropped packets.
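
The checks from the reply above, collected into one script. This is an added example and not part of the original post. Server1 and mydomain.com are the reply's placeholder names, the function names are hypothetical, and the log filter assumes the default Windows Firewall log field order.

```powershell
# Added example: function names are hypothetical; Server1 / mydomain.com are placeholders.

function Test-ScanTarget {              # run on ScannerServer
    param([string]$Target = 'Server1', [string]$Suffix = 'mydomain.com')
    $fqdn = "$Target.$Suffix"
    # Forward lookup: expect exactly one A record for the server.
    $a = @(Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'A')
    # Reverse lookup: every address should point back to the same FQDN.
    $ptr = @(foreach ($ip in $a.IPAddress) {
        (Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue).NameHost
    })
    $smb = Test-NetConnection -ComputerName $Target -CommonTCPPort SMB `
               -WarningAction SilentlyContinue
    [pscustomobject]@{
        Fqdn          = $fqdn
        Addresses     = $a.IPAddress -join ', '
        SingleAddress = ($a.Count -eq 1)
        PtrMatches    = ($ptr.Count -gt 0 -and
                         @($ptr | Where-Object { $_ -ne $fqdn }).Count -eq 0)
        # Short name only resolves if the DNS suffix search list is right.
        ShortNameOk   = [bool](Resolve-DnsName -Name $Target -ErrorAction SilentlyContinue)
        Smb445Open    = $smb.TcpTestSucceeded
        AdminShareOk  = Test-Path -Path "\\$Target\c`$"
    }
}

function Get-DroppedSmb {               # run elevated on Server1
    param([Parameter(Mandatory)][string]$ScannerIp)   # address of ScannerServer
    # Report profiles that are not logging dropped packets.
    $off = Get-NetFirewallProfile | Where-Object { "$($_.LogBlocked)" -ne 'True' }
    if ($off) {
        Write-Warning ("Dropped-packet logging is off for: " + ($off.Name -join ', ') +
            ". Enable with: Set-NetFirewallProfile -Profile <name> -LogBlocked True")
    }
    # LogFileName usually contains %systemroot%, so expand it first.
    $log = [Environment]::ExpandEnvironmentVariables(
               (Get-NetFirewallProfile -Profile Domain).LogFileName)
    # Assumed columns: date time action protocol src-ip dst-ip src-port dst-port ...
    $pattern = '^\S+ \S+ DROP TCP ' + [regex]::Escape($ScannerIp) + ' \S+ \S+ 445 '
    Get-Content -Path $log -ErrorAction SilentlyContinue |
        Where-Object { $_ -match $pattern }
}

# Usage:
#   Test-ScanTarget -Target Server1 -Suffix mydomain.com | Format-List
#   Get-DroppedSmb -ScannerIp <ScannerServer address>
```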