I just deployed a couple 11050's the other day so my experience is limited, but I'd guess your problem is that, when using the Primary Sorry Server, you end up with clients sending HTTPS requests to an HTTP port. Having HTTPS requests redirected to HTTP ports is one thing because the client then makes an HTTP request to that port, but the way you have it above, it appears to me that the client will be talking HTTPS to port 81 on the Sorry Server, which is listening for HTTP.
Actually, looking at your config again, you have the same services in both the HTTP and HTTPS content rules. The services are both HTTP, right? If so, sending HTTPS requests to them won't work for the same reason that it won't work for the sorry servers.
What exactly are you trying to accomplish with the SSL content rules? Are either of the services able to service SSL requests on port 80?
I also have had this problem. The way to do this simply (heh) is to use an SSL Offloading device like the SCA in a one-armed configuration. This way when the cleartext port 80 traffic comes back to your CSS, you can then provide a redirect if your servers are all down and the SCA can re-encrypt the packet before it goes back to the client.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
==================== VIC FNIC driver does not support Virtual Volumes (
second level LUN ID ) An enhancement request has been created to track
this feature - CSCux64473 UPDATE - 12-14-2016 We made some traction on
the enhancement request - The Fix is in t...