Pulse Connect Secure 2 site Cluster, 2nd device can't use DUO to login
I have two pulse connect secure devices,
These are clustered together and share the same configuration at two different geographic locations.
I have inegrated MFA with DUO - https://duo.com/docs/pulseconnect
The first device comes up fine, when I test the API connection I get:
info: For server api-XXXXXXX.duosecurity.com at port XXX LDAP server is reachable.
The 2nd device didn't do so well, even though the walkthrough says to ignore errors:
error: For server api-XXXXXXX.duosecurity.com at port XXX LDAP Server is unreachable. Check the server address, port, and connection type.
Here is the logs from the 2nd device:
Info AUT24327 2017-08-29 12:26:29 -XX-XX-PULSE - [172.17.X.X]XXXX/XXXX/XXXX - Secondary authentication failed for XXXXX/DUO-LDAP from 172.17.X.X
Minor AUT23391 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX - Could not connect to LDAP server 'DUO-LDAP': Failed binding to admin DN:  Can't contact LDAP server: api-XXXXX.duosecurity.com:XXX
Info AUT23278 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX - Password realm restrictions successfully passed for XXXX/XXXX/XXXX
Info AUT24326 2017-08-29 12:26:29 - XX-XX-PULSE - [172.17.X.X] XXXX/XXXX/XXXX - Primary authentication successful for XXXX/XXXX/XXXX from 172.17.X.X
The first device FW shows constant SSL traffic while the 2nd one isn't talking to DUO.
Is this a pulse limitation, a duo limitation, or something else?