Thought I would reply, having had a bit of success finding the solution.
So this communication failure was due to a change on the windows side of things.
An update had occurred that added some TLS1.2 cipher suites, and re-organised the default SSL priority list. There was no correlation between servers because as of May this year, microsoft has started maintaining rollup packages. So the problematic update was in a different rollup package for each server due to the time difference in updating. (June for one, July for the other, the June rollup was also rolled into July for some reason, so was deprecated).
It’s odd that some devices could still run the communication, and i’m not sure what the limitation was. But addressing the priority list and moving suites around meant communication came back.