Периодическая ошибка ServiceBus "Сертификат X.509 CN = servicebus.windows.net не находится в хранилище доверенных лиц" при использовании Azure WebSites

У меня есть несколько веб-сайтов, работающих в Azure, интенсивно использующих ServiceBus (также размещенный в Azure), все в одном регионе.

Иногда (раз в 2-3 дня) у меня одинаковая ошибка на всех веб-сайтах одновременно (во время чтения/ожидания сообщений):

Microsoft.ServiceBus.Messaging.MessagingCommunicationException: 
 The X.509 certificate CN=servicebus.windows.net is not in the trusted people store.
  The X.509 certificate CN=servicebus.windows.net chain building failed. 
   The certificate that was used has a trust chain that cannot be verified. 
    Replace the certificate or change the certificateValidationMode. 
     A certificate chain could not be built to a trusted root authority.

Полный стек:

Microsoft.ServiceBus.Messaging.MessagingCommunicationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
 ---> System.ServiceModel.Security.SecurityNegotiationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.
 ---> System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=servicebus.windows.net is not in the trusted people store. The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain could not be built to a trusted root authority.

   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeInitiator.InitiateUpgradeAsyncResult.OnCompleteAuthenticateAsClient(IAsyncResult result)
   --- End of inner exception stack trace ---

Server stack trace: 
   at Microsoft.ServiceBus.Messaging.Channels.SharedChannel`1.CreateChannelAsyncResult.<GetAsyncSteps>d__7.MoveNext()
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult.AsyncCompletionWrapperCallback(IAsyncResult result)

Exception rethrown at [0]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.SharedChannel`1.OnEndCreateInstance(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.SingletonManager`1.EndGetInstance(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.RequestAsyncResult.<GetAsyncSteps>b__2(RequestAsyncResult thisPtr, IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [1]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.EndRequest(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.RedirectBindingElement.RedirectContainerChannelFactory`1.RedirectContainerSessionChannel.RequestAsyncResult.<>c__DisplayClass17.<GetAsyncSteps>b__a(RequestAsyncResult thisPtr, IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [2]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Sbmp.RedirectBindingElement.RedirectContainerChannelFactory`1.RedirectContainerSessionChannel.EndRequest(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.RequestAsyncResult.<GetAsyncSteps>b__4(RequestAsyncResult thisPtr, IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [3]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Common.AsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.Channels.ReconnectBindingElement.ReconnectChannelFactory`1.RequestSessionChannel.EndRequest(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.CloseOrAbortLinkAsyncResult.<GetAsyncSteps>b__7(CloseOrAbortLinkAsyncResult thisPtr, IAsyncResult a)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [4]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.AbandonPrefetchedMessagesCloseAbortAsyncResult.<GetAsyncSteps>b__41(AbandonPrefetchedMessagesCloseAbortAsyncResult thisPtr, IAsyncResult r)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)

Exception rethrown at [5]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.OnEndClose(IAsyncResult result)
   --- End of inner exception stack trace ---
   at Microsoft.ServiceBus.Messaging.Sbmp.SbmpMessageReceiver.OnEndClose(IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.ClientEntity.OnClose(TimeSpan timeout)
   at Microsoft.ServiceBus.Messaging.ClientEntity.Close(TimeSpan timeout)
   at Olekstra.Common.QueueReader.<>c__DisplayClass3.<StartTask>b__2(Boolean force)

Я использую обновленную версию пакета Microsoft.ServiceBus.dll NuGet (2.4.0.0), поэтому ответы из Google "проверка сертификата отключена по умолчанию в ServiceBus 1.8" бесполезны - я не стал проверять ON, и более того - он работает много часов подряд и терпит неудачу только один раз каждые 2-3 дня.

Подобный ответ о самостоятельных приложениях тоже не подходит - веб-сайт запущен внутри Azure, хосты виртуальных машин управляются персоналом MS, мне не разрешено обновлять любые корневые сертификаты.

Кто-нибудь знает, почему клиент ServiceBus решает иногда проверять SSL-сертификат и как отключить это поведение?

UPD:

Я добавил <add key="Microsoft.ServiceBus.X509RevocationMode" value="NoCheck"/> в appSettings в web.config две недели назад - никакой разницы.

Также Reflector показывает, что значение "NoCheck" по умолчанию указано в Microsoft.ServiceBus.Configuration.ConfigurationHelpers.GetCertificateRevocationMode()