Ssl – IIS randomly returns 413 Request Entity Too Large when uploading large files and using TLS

I have an ISAPI application running on IIS, which is meant to support uploads of files of any size. On one server, uploads seemingly randomly fail with 413 Request Entity Too Large or time out when using HTTPS, and the only remedy seems to be setting uploadReadAheadSize to a value larger than the uploaded file. This would, however, limit the size of uploaded files to 2GB (the maximum value of uploadReadAheadSize), which is unacceptable.

• Windows Server 2012 (and corresponding IIS version)
• Server does NOT require client certificates (but client was probably – and unexpectedly – sending them?!)
• The problem does not occur on any other servers (and there are lots of them) where the same application is installed, and where uploadReadAheadSize is set to the default (49152 bytes).
• The error is returned by IIS, and there is no WAF or similar intermediate component involved.
• The error occurs when sending from any host, including from the server host itself.
• The error occurs when uploading with a browser client as well as a thick client (a native Windows application).
• Shortening the request body actually does prevent the error from occurring.
• The identical request can fail or succeed (e.g., when replayed with Fiddler)

What could possibly be causing this, and how should I go about debugging this?

(NOTE: I have seen several similar questions on StackOverflow and here, but in those scenarios, either client certificates are meant to be used, or the application is based on WCF – which ours isn't – or the problem was not independent of uploadReadAheadSize or TLS)

Also, what is a good source for understanding what uploadReadAheadSize actually does and what is happening "under the hood"? Microsoft's official documentation is rather sparse.