Disclaimer: I am not a networking/security person and have about 2 minutes free to throw this in: We had a slightly similar problem with the web front end to a DMS, Kemp support said it was due to the Layer7 persistence method used.
this article /might/ help you (Section 4.4)
Update: now I have a couple more minutes. In our case it was due to token persistence, once the initial connection was made to one server it was all good when the user was sent back to the same server, if they were sent to the other, it was not allowed. The way I rad your post, suggested that it /might/ be things are not as balanced as you think, and in general you have good persistence, regardless of method used (and/or the balancer is directing all traffic to just the one server - can you check stats in LB to be sure?)
Anyway, I know the LB is a different make, but I guess the same concepts apply with regard to persistence and HTTPS.
"Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information upon it. When we enquire into any subject, the first thing we have to do is to know what books have treated of it. This leads us to look at catalogues, and at the backs of books in libraries."
— Samuel Johnson