Thanks. Clean off the back of most of your work within your document ;-)
I have just re-exported the cert and changed the cert path to the new one against the TLS ports within SM. No change.
Thinking about it, as this is not just those ports, it's 443 too via IIS it makes sense that the issue is external to the port binding within SM otherwise the webmail on 443 would not have an issue.
Only an emergency admin has access and that is logged. No access to anyone else and checking the log I am the only one to have accessed the server in a while, certainly since the last reboot.
No unexpected reboots showing in the even logs either.
I think I will request a re-issue from Comodo for the cert and see if that cures the issue.
This could also be down to an issue with the Ciphers maybe. I might reuse IISCrypt to check those too. All seems very weird!
This is annoying as we are only a few weeks away from fully migrating the email on this server to a 2012 R2 box! The migration might just be brought forward if this issue continues.