We're experiencing this exact same issue out of the blue as of today, but just in one site. In fact, just in one AD site. In our case the issue appears to be Kerberos related, as a packet capture shows KRB errors. If you run a packet capture on your client when you try to RDP onto an affected host, do you see KRB5KDC_ERR_TGT_REVOKED errors coming back from your DC? What OS is on the DC in the affected subnet?
If you RDP using an IP address instead of a hostname it uses NTLM and not Kerberos. Another thing to check is that the time sync is all good on your servers / clients.