Shashi_Shekhar_
Mar 10, 2015

Web Server Farm with F5 Load Balancer

We have deployed a .NET WCF service on a server farm with two servers behind an F5 load balancer. The WCF service is exposed via SSL and there is no SSL offloading done by the load balancer. The deployment works fine for the most part. But we get random errors when a client application tries to connect to the WCF service after sitting idle for a few minutes. The error that we get is:

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 17:23:35.494
Connection: close
fiddler.network.https> HTTPS handshake to failed. System.IO.IOException Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. < An existing connection was forcibly closed by the remote host.

The interaction works fine on a retry. We have checked all our timeouts and the values of all timeouts are set to 10 minutes or higher. Also, when we get an error, we get an error within seconds of invoking the WCF web service.

The SSL certificates are fine because the SSL version of the URL shows up fine on any web browser.

We had a Microsoft engineer look at this issue and he indicated that the network packets are being dropped by the F5 load balancer for some unknown reason.

Do we need to make any configuration changes to F5 to make this work? Do we need sticky sessions as per this URL?

https://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc_config_guide_10_1/lc_persist_profiles.html

The WCF web service is designed to be completely stateless and we are not using reliable sessions. Each web service invocation is independent. One thing that is noticeable is that all "random" errors occur only when the client "tunnels" to the site as per Fiddler. Sometimes the "tunnel" succeeds and sometimes it fails.

1 Reply

  • kunjan

    Have you checked for physical errors like duplex mismatch, especially at the server, as it seems that new hardware was introduced? See if you can use curl from F5 to test the issue if it's after F5. May also want to do a packet capture on F5 to isolate the issue.
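
An added example, not part of the original thread and not F5 or Microsoft tooling: a Python probe for the idle-then-fail symptom described in the question. Run it once against the load-balanced address and once directly against a farm server to see on which side of the load balancer an idle connection stops answering, which is the isolation the reply asks for. The `HEAD /` request path and the idle steps you pass in are assumptions to adapt.

```python
import socket
import ssl
import time

# Assumed harmless request; change the path if "/" is not served.
REQUEST = "HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: keep-alive\r\n\r\n"

def _exchange(sock, host, timeout):
    """Send one request on an already open connection and classify the outcome."""
    sock.settimeout(timeout)
    try:
        sock.sendall(REQUEST.format(host=host).encode("ascii"))
        data = sock.recv(4096)
    except socket.timeout:
        return "timeout"   # nothing came back: packets silently dropped
    except (ConnectionError, ssl.SSLError):
        return "reset"     # RST or broken TLS stream ("forcibly closed")
    return "alive" if data else "closed"   # empty read = orderly close (FIN)

def probe_idle(host, port, idle_seconds, use_tls=True, timeout=5.0):
    """One request, idle_seconds of silence, then a second request on the same connection."""
    raw = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        # Verifies the certificate against the system trust store.
        sock = ssl.create_default_context().wrap_socket(raw, server_hostname=host)
    else:
        sock = raw
    with sock:
        first = _exchange(sock, host, timeout)
        after = None
        if first == "alive":
            time.sleep(idle_seconds)
            after = _exchange(sock, host, timeout)
        return {"idle": idle_seconds, "first": first, "after_idle": after}

def find_idle_cutoff(host, port, idle_steps, **kwargs):
    """Return the result for the shortest idle period that broke the connection, or None."""
    for idle in sorted(idle_steps):
        result = probe_idle(host, port, idle, **kwargs)
        if result["after_idle"] != "alive":
            return result
    return None
```

A cutoff that appears through the load-balanced address but not against the server directly points at the device in between; `timeout` as the result means packets vanished without a FIN or RST, which a packet capture on the F5 can confirm.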