Given that these are security servers with a load balancer (F5) in front. I would lean towards the possibility one of the security servers may be the source of the issue and random incoming users are assigned to it.
I would double check in the View Administrator that the URLs match exactly what is on the SSL cert for each security server and each connection server. Next, verify that the certificate being used has a friendly name of 'vdm' on each security and connection server.
