09-12-2019 05:36 AM - edited 02-21-2020 09:29 AM
We have 2 pairs of HA 2110 Security Appliances managed from an FMC, all running 6.4.0.2, currently trying to get Kerberos working.
All seems correct and in place joined AD, LDAPS, ACL Rule, SSL rewrite policy, Identity Policy configured with a cert using default port 885
Browsing to a site causes a redirect to the correct FQDN (DNS resolves) of the FTD to authenticate, and this is when it fails: cannot connect.
nmap shows as closed (Firewall ACL to allow is there)
Logging into FTD and running in expert mode
netstat -anp | grep 885
gives
tcp 0 0 169.254.0.1:885 0.0.0.0:* LISTEN 21645/idhttpsd
tcp6 0 0 fdcc::bd:0:ffff:a9f:885 :::* LISTEN 21645/idhttpsd
Not listening on expected IP?
Also output from vhost.conf shows
Listen 169.254.0.1:885
Listen [fdcc:0000:0000:00bd:0000:ffff:a9fe:1]:885
<VirtualHost 169.254.0.1:885 [fdcc:0000:0000:00bd:0000:ffff:a9fe:1]:885>
# This ServerName option might not be required at all after LTB is in place.
# Needs to do some tests to verify after LTB is available. Put localhost here for now.
ServerName localhost
SSLCertificateFile "/ngfw/usr/local/sf/idhttpsd/conf/auth.cert"
SSLCertificateKeyFile "/ngfw/usr/local/sf/idhttpsd/conf/auth.key"
AuthFormPath "/ngfw/usr/local/sf/idhttpsd/conf/auth_form.html"
EncryptionBytesPath "/ngfw/usr/local/sf/idhttpsd/conf/captive_portal_url_encryption_bytes.bin"
ErrorLog "/ngfw/var/log/captive_portal.log"
LogLevel info
SSLEngine on
LoadModule auth_module modules/mod_sfcaptive_portal.so
AddHandler auth-handler auth
DocumentRoot "/ngfw/usr/local/sf/idhttpsd/captive_doc"
<Directory "/ngfw/usr/local/sf/idhttpsd/captive_doc">
Require all granted
SSLRequireSSL
</Directory>
</VirtualHost>
ServerName localhost
Nothing I can find in FMC to set which IP/interface to use, only the port. Any thoughts, or is this a known issue? (Cannot find any fix, only the latest release.)
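The check being done by hand above (read the netstat output, see which addresses the portal daemon is bound to, compare with where clients are sent) can be scripted. The following is an added example, not code from the thread or from Cisco; it parses netstat -anp output in the format shown in the post and reports whether the port is bound to a given address. The sample netstat lines are constructed from the ones quoted above, and the expected address 192.0.2.10 is a placeholder for whatever the captive-portal FQDN resolves to.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a daemon is listening on
# the address that clients are actually redirected to.
# Assumptions: netstat -anp output with fields
#   proto recv-q send-q local-address foreign-address state pid/program
# and an expected address supplied by the caller (constructed here).

# Constructed sample, modelled on the netstat lines quoted in the post.
SAMPLE_NETSTAT='tcp 0 0 169.254.0.1:885 0.0.0.0:* LISTEN 21645/idhttpsd
tcp6 0 0 fdcc::bd:0:ffff:a9f:885 :::* LISTEN 21645/idhttpsd'

# listening_addrs <netstat-output> <port>
# Prints the local address (port stripped) of every LISTEN socket on <port>.
# The port is taken as the text after the last ':' so IPv6 literals work too.
listening_addrs() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] == port) {
                sub(":" port "$", "", addr)
                print addr
            }
        }'
}

# portal_bound_to <netstat-output> <port> <expected-address>
# Returns 0 if a LISTEN socket on <port> is bound to <expected-address> or to
# a wildcard (0.0.0.0 / ::), 1 otherwise.
portal_bound_to() {
    listening_addrs "$1" "$2" | grep -qxF -e "$3" -e '0.0.0.0' -e '::'
}

# Usage: EXPECTED_IP is a placeholder; substitute the address the portal FQDN
# resolves to, and feed real `netstat -anp` output instead of the sample.
EXPECTED_IP=192.0.2.10
if portal_bound_to "$SAMPLE_NETSTAT" 885 "$EXPECTED_IP"; then
    echo "port 885 is bound to $EXPECTED_IP"
else
    echo "port 885 is NOT bound to $EXPECTED_IP; it listens on:"
    listening_addrs "$SAMPLE_NETSTAT" 885
fi
```

On a live box the same two functions take `"$(netstat -anp)"` as the first argument; with the sample data they report that port 885 is bound only to the link-local IPv4 and the fd00::/8 IPv6 address, which is the mismatch described in the post.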
10-09-2019 08:37 AM
I have the very same problem but on ASA 5515-X v.9.12.2.4 with Firepower 6.0.4.5.
The users are recognized by Passive Auth, but if it fails it falls back to active auth, and in this case the captive portal is not reachable. The clients try to connect to the management IP address of the Firepower module, but the captive portal is listening only on the tun1 interface.