Do you have stable connectivity ? is the tunnel up when the eigrp gone down ?

In addition to my initial post, Here is more details. also I inherited this setup and trying to wrap my head around it:

- the tunnel goes down every 10 min. exactly the time NHRP dy record expires!

- till today TAC engineer after hours of tshoot were saying based on logs the hub receives the DPD message from the spoke but for some unknown reason it does not respond and thats why the tunnel goes down for 10-15 seconds every 10 min

- then today after more debugging, to reach to the reason for that we found out on debug that the spoke  tries to reach out to HUB-A Tunnel IP but when it encapsulate the traffic it puts HUB-B NBMA IP instead of HUB-A NBMA-IP and that is the problem. well if its the design issue it might be related to NHS priority and cluster as both hubs are identical but then the golden question is why this is not happening on other spokes!

- so TAC says its DMVPN design config issue and sent me some docs to read, he said to test you can remove the second hub from s[poke config and see the result, set another session for tomorrow and left. i removed the second hub from the spoke config and its still happening haha
- this is the debug:

here is a bit info a bout the setup:

 - there are several spokes with identical config ( or I think they are ! ) and the issue only happens on one spoke!

- there are two Hubs A and B and overly EIGRP and prefer A over B

here is hub A and SPOKE ( with issue ), tunnel config:
hun-A:

Spoke:

and my finding is this and I think thats related to the issue is why spoke having a dynamic NHRP record of itslef!? it does not make sense to me: ( the last record )

Here is the requested info and topology:

there are 2X Hub primary and secondary and the only difference is the overlay EIGRP delay that makes Primary Hub primary and no tunn config difference.

- just for security changed NBMA to : primary hub 1.1.1.1 sec Hub 2.2.2.2, SPOKE-1 ( with issue): 3.3.3.3  SPOKE-2 ( no issue): 4.4.4.4

Primary Hub Tunn:

interface Tunnel0
ip address 172.16.253.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip split-horizon eigrp 100
ip nhrp map 172.16.253.254 2.2.2.2
ip nhrp network-id 12345
ip nhrp nhs 172.16.253.254
no ip nhrp shortcut
zone-member security LAN
ip tcp adjust-mss 1376
delay 10
tunnel source 1.1.1.1.1
tunnel mode gre multipoint
tunnel path-mtu-discovery
tunnel protection ipsec profile DMVPN

Secondary Hub:

interface Tunnel0
ip address 172.16.253.254 255.255.255.0
no ip redirects
ip mtu 1400
no ip split-horizon eigrp 100
ip nhrp map 172.16.253.1 1.1.1.1
ip nhrp network-id 12345
ip nhrp nhs 172.16.253.1
ip tcp adjust-mss 1376
delay 100000
tunnel source 2.2.2.2
tunnel mode gre multipoint
tunnel path-mtu-discovery
tunnel protection ipsec profile DMVPN

SPOKE-1:

interface Tunnel0
description
ip address 172.16.253.240 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp map 172.16.253.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp map multicast 2.2.2.2
ip nhrp map 172.16.253.254 2.2.2.2
ip nhrp network-id 12345
ip nhrp nhs 172.16.253.1
ip nhrp nhs 172.16.253.254
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
end

SPOKE-2:

interface Tunnel0
ip address 172.16.253.10 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp map 172.16.253.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp map 172.16.253.254 2.2.2.2
ip nhrp map multicast 2.2.2.2
ip nhrp network-id 12345
ip nhrp nhs 172.16.253.1
ip nhrp nhs 172.16.253.254
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
end

- yes this is in production, but only 1-3 users mostly using Internet and barely DMVPN

- sh ip int and DMVPN on:

primary hub:

from the spoke with issue:

Topology:

i think the issue related to this having an exra NHRP record on SPOKE-1 pointing to itself causing the issue but I can not explain it