1.HTTP profile with redirect rewrite all parameter might help you keeping the request in https.
This setting basically rewrites the URI in all HTTP redirect responses.
Create a new HTTP profile from the current profile applied and test with this setting.
Make sure you apply same new profile to all 3 vips.
2.You can sniff through response headers using IE Developer tools,Firebug,Fiddler Or HTTP analyzer and you'll know or you can guess which might be causing the redirect.
Most of the cases it is app code that is designed to respond HTTP responses without SSL.