Stupidly, I enabled the SendExtraRecord on one of my servers. According to Microsoft, this breaks:
- SQL Server
- Terminal Services/Remote Desktop with Network Level Authentication (NLA)
- Some Routing Remote Access Service (RRAS) scenarios
Well that would certainly explain why I can't remote desktop into the server anymore. Doh!
An authentication error has occurred.
The token supplied to the function is invalid
EDIT: By disabling all ciphers except a couple of RC4 ones (128-bit SHA and MD5) or by changing the priority of ciphers so the RC4 ones are first, it's possible to Remote Desktop back in and undo the damage. It was quick and easy (aside from having to reboot Windows for the new settings to kick in) using this neat free tool: IIS Crypto