Backend server selection

Help!
1

Hello,

I am using HAProxy to load balance incoming authentication attempts for an application called HP Anyware. The client application for Anyware is a black box so I do not have access to know what requests are made, however I know authentication requests are made over 443

At present I am using HAProxy version 3.0.2

I have a default backend that has two servers. I am finding that the proxy is preferring the second server in the list every time and I cannot work out why. Both servers work individually (if they are the only option in the list, and if the order is swapped the second option is chosen.)

Is there something in my config that’s incorrect?

global
#    log 127.0.0.1:514  local0  
    log /dev/log local0 info
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn 8000
    user haproxy
    group haproxy
    daemon
    h1-case-adjust connection Connection
    h1-case-adjust content-length Content-Length
    h1-case-adjust content-encoding Content-Encoding 
    h1-case-adjust content-type Content-Type
    h1-case-adjust cache-control Cache-Control
    h1-case-adjust date Date
    h1-case-adjust expires Expires
    h1-case-adjust etag ETag
    h1-case-adjust last-modified Last-Modified
    h1-case-adjust server Server
    h1-case-adjust via Via
    h1-case-adjust age Age
    h1-case-adjust accept-ranges Accept-Ranges
    h1-case-adjust access-control-allow-origin Access-Control-Allow-Origin

defaults
    balance roundrobin
    log global
    option httplog
    retries 2
    #timeout client 30s
    timeout client 15s
    timeout connect 4s
    #timeout server 30s
    timeout server 15s
    timeout check 5s
    option allbackups
#    errorfile 400 /etc/haproxy/errors/400.http
#    no option http-use-htx

listen admin_page
    bind 192.168.30.5:9600
    mode http
    stats enable
    stats refresh 60s
    stats uri /

frontend fe_connector_443
    bind :80
    bind *:443 ssl crt /etc/ssl/private/proxy-01.pem alpn h2,http/1.1
    http-request redirect scheme https code 301 unless { ssl_fc }
    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
    option h1-case-adjust-bogus-client
    mode http
    capture cookie JSESSIONID len 32
    option forwardfor
    acl internal_range_l src 192.168.0.0/16
    acl internal_range_l_pv src 10.19.0.0/16
    acl internal_range_m src 10.102.0.0/16
    use_backend internal_source_be if internal_range_l || internal_range_l_pv || internal_range_m
    default_backend external_source_be


backend external_source_be
    mode http
    balance roundrobin
    cookie JSESSIONID prefix indirect nocache
    server cac-01 192.168.30.11:443 check cookie s2 verify none ssl alpn h2,http/1.1 
    server cac-03 192.168.30.12:443 check cookie s1 verify none ssl alpn h2,http/1.1 

backend internal_source_be
    mode http
    balance roundrobin
    cookie JSESSIONID prefix indirect nocache
    server cac-02 192.168.30.13:443 check cookie s3 verify none ssl alpn h2,http/1.1

I have a config that is pretty identical working successfully on version 2.8.1 of HAProxy, could it be something with the version?

Thanks