RDP Error After Certificate Template Applied

Issue:
Remote Desktop connections to the host fail after configuring a RemoteDesktopCertificate template in your internal CA.
You'll see an error like this in the event log of the target machine:

The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205

Most likely the target is a Windows 8, 8.1, 2012, or 2012 R2 machine.

If that is the case, you'll have to delete the certificate (the one issued from the RDP template) from the system and make sure it will NOT generate a new one using the same template.

Then restart the machine (or you may try to restart Remote Desktop services only) and you should be able to login again.
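The clean-up described above, written out as an added PowerShell example (this is not code from the original post). It assumes the certificate sits in the machine's "Remote Desktop" store and carries the standard certificate-template extension, that the Schannel fatal-alert event is ID 36888, and that the Group Policy "Server authentication certificate template" setting is stored as the CertTemplateName value under the Terminal Services policy key; those three details are assumptions, as is the template name, which is taken from the post. Run it elevated on the affected host; with -WhatIf it only reports what it would remove.

```powershell
# Added example (not from the original post): remove the RDP listener certificate that was
# issued from the RemoteDesktopCertificate template and restart Remote Desktop Services.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$TemplateName = 'RemoteDesktopCertificate'   # template name from the post
)

# 1. Confirm the symptom: Schannel fatal alert 40 / error state 1205 in the System log.
#    Assumption: event ID 36888 is Schannel's "fatal alert was generated" event.
$alerts = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36888 } `
              -MaxEvents 50 -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -match 'error code is 40' -and $_.Message -match 'error state is 1205' }
Write-Host ("Matching Schannel alerts among the last 50 events: {0}" -f @($alerts).Count)

# 2. Find certificates in the Remote Desktop store whose template extension names our template.
#    1.3.6.1.4.1.311.21.7 = Certificate Template Information (v2), 1.3.6.1.4.1.311.20.2 = template name (v1).
$store        = 'Cert:\LocalMachine\Remote Desktop'
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'
$suspects = Get-ChildItem -Path $store | Where-Object {
    $text = $_.Extensions |
            Where-Object { $templateOids -contains $_.Oid.Value } |
            ForEach-Object { $_.Format($false) }
    ($text -join ' ') -match [regex]::Escape($TemplateName)
}

if (-not $suspects) {
    Write-Host "No certificate from template '$TemplateName' found in $store."
    return
}

# 3. Delete the offending certificate(s). Honours -WhatIf / -Confirm.
foreach ($cert in $suspects) {
    if ($PSCmdlet.ShouldProcess($cert.Thumbprint, "Remove certificate from $store")) {
        Remove-Item -Path $cert.PSPath
        Write-Host "Removed $($cert.Thumbprint) ($($cert.Subject))"
    }
}

# 4. Make sure the host will NOT enrol for the same template again.
#    Assumption: the GPO "Server authentication certificate template" is stored as CertTemplateName here.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$configured = (Get-ItemProperty -Path $policyKey -Name CertTemplateName -ErrorAction SilentlyContinue).CertTemplateName
if ($configured) {
    Write-Warning "Policy still sets certificate template '$configured'; change or remove that setting, or the host will re-enrol."
}

# 5. Restart Remote Desktop Services so the listener picks up a fresh (self-signed) certificate.
#    A full reboot, as the post suggests, is the fallback if this is not enough.
if ($PSCmdlet.ShouldProcess('TermService', 'Restart Remote Desktop Services')) {
    Restart-Service -Name TermService -Force
}
```

Step 4 is the part that is easy to forget: deleting the certificate alone buys nothing if auto-enrolment or the RDS policy immediately issues a replacement from the same template, and the fatal alert comes straight back on the next connection.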

If you're looking for the reason behind it, you'll need to read more about the SHA algorithm and the updates pushed into recent Windows versions.

I'd suggest you check this blog, which has a nice post on the subject: http://www.dotnetnoob.com/2013/10/hardening-windows-server-20082012-and.html

HTH