How do I change encryption from RC4 to AES in order to allow RDP to my remote servers?

Try setting in the Active Directory object of every user/computer involved the LDAP attribute msDS-SupportedEncryptionType to 8 (= 128-bit AES only) or 24 (= 8+16 = 128 and 256-bit AES). In the Active Directory Users and Computers GUI, this corresponds to ticking in the Account tab the boxes “This Account supports Kerberos 128/256 encryption.”, although you can't easily disable RC4 there as well.

Two notes on choice of encryption types:

• Nobody actually needs 256-bit AES encryption (16) until quantum computers become available, so in the interest of performance, best enable only 128-bit AES and not 256-bit AES.
• Disabling RC4 (4) is desirable, because Microsoft's Kerberos RC4 encryption type uses the same password hashes as NTLMv2, so if you had a pass-the-hash/mimikatz attack stealing one of these, Kerberos with RC4 enabled is also vulnerable. The Windows 2000 developers designed the Kerberos RC4 encryption type specifically to be compatible with NTLMv2 hashes, therefore I sleep much better with RC4 switched off everywhere.

See also: https://blogs.msdn.microsoft.com/openspecification/2011/05/30/windows-configurations-for-kerberos-supported-encryption-type/

There is a patch for it from Microsoft: https://support.microsoft.com/en-us/kb/3080079