We are testing a new set of WLC 9800-L in HA.  running on version 17.3.4c. 2 Mobility peers is configured and in UP state (when HA standby node is down) Once the standby node is up one of the tunnels go down, and cipher changes from TLS_NUM_RSA_WITH_AES_128_CBC_SHA to TLS_NUM_NULL_WITH_NULL_NULL

If i reload slot 2, it will reestablish after  a few minutes, and once standby is up it goes down. 

Does anyone experience the same? did i hit a bug, or did i misconfigure somewhere? 

WLC01#sh wireless mobility summary
Mobility Summary

Wireless Management VLAN: 7
Wireless Management IP Address: 10.40.99.10
Wireless Management IPv6 Address:
Mobility Control Message DSCP Value: 48
Mobility Keepalive Interval/Count: 10/3
Mobility Group Name: MBK_Test
Mobility Multicast Ipv4 address: 0.0.0.0
Mobility Multicast Ipv6 address: ::
Mobility MAC Address: f4bd.9e56.a2eb
Mobility Domain Identifier: 0x390d

Controllers configured in the Mobility Domain:

IP Public Ip MAC Address Group Name Multicast IPv4 Multicast IPv6 Status PMTU
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
10.40.99.10 N/A f4bd.9e56.a2eb MBK_Test 0.0.0.0 :: N/A N/A
10.40.99.110 10.40.99.110 706d.1517.a66d test 0.0.0.0 :: Up 1385
10.47.26.245 10.47.26.245 a093.5153.38e3 Anchor_Group 0.0.0.0 :: Up 1385

WLC01#sh wireless mobility peer ip 10.40.99.110

Mobility Peer Info
===================
Ip Address : 10.40.99.110
Public Ip Address : 10.40.99.110
MAC Address : 706d.1517.a66d
Group Name : test
Total Number of Clients on Peer : 0
Local Clients Exported to Peer : 0
Locally Anchored Peer Clients : 0
Keepalive Data Link Status : UP
Keepalive Control Link Status : UP
DTLS Data Link Cipher : TLS_NUM_NULL_WITH_NULL_NULL
DTLS Data Link Status : Disabled
DTLS Control Link Cipher : TLS_NUM_RSA_WITH_AES_128_CBC_SHA
DTLS Control Link Status : Key Plumbed
PMTU : 1385
Tunnel Plumbed : Yes
Tunnel IFID : 0xA0000001
Number of Data Path Flaps : 3
Last Data Path Flap : 01/20/2022 10:26:42 Central
Number of Data Packet Failure : 1022
Non Acked Data ping requests : None
Number of Control Path Flaps : 3
Last Control Path Flap : 01/20/2022 10:27:22 Central
Number of Control Packet Failure : 347
Non Acked Control ping requests : None
Is Anchor : No
Mobility event statistics
Roam stats
L2 roam count : 0
L3 roam count : 0
Handoff Status Received
Success : 0
Group mismatch : 0
Client unknown : 0
Client blacklisted : 0
SSID mismatch : 0
Denied : 0
Handoff Status Sent
Success : 0
Group mismatch : 0
Client unknown : 0
Client blacklisted : 0
SSID mismatch : 0
Denied : 0

WLC01#sh wireless mobility peer ip 10.47.26.245

Mobility Peer Info
===================
Ip Address : 10.47.26.245
Public Ip Address : 10.47.26.245
MAC Address : a093.5153.38e3
Group Name : Anchor_Group
Total Number of Clients on Peer : 0
Local Clients Exported to Peer : 0
Locally Anchored Peer Clients : 0
Keepalive Data Link Status : UP
Keepalive Control Link Status : UP
DTLS Data Link Cipher : TLS_NUM_NULL_WITH_NULL_NULL
DTLS Data Link Status : Disabled
DTLS Control Link Cipher : TLS_NUM_RSA_WITH_AES_128_CBC_SHA
DTLS Control Link Status : Key Plumbed
PMTU : 1385
Tunnel Plumbed : Yes
Tunnel IFID : 0xA0000002
Number of Data Path Flaps : 2
Last Data Path Flap : 01/11/2022 10:32:56 Central
Number of Data Packet Failure : 223
Non Acked Data ping requests : None
Number of Control Path Flaps : 1
Last Control Path Flap : 01/11/2022 10:27:06 Central
Number of Control Packet Failure : 81
Non Acked Control ping requests : None
Is Anchor : Yes
Mobility event statistics
Roam stats
L2 roam count : 0
L3 roam count : 0
Handoff Status Received
Success : 0
Group mismatch : 0
Client unknown : 0
Client blacklisted : 0
SSID mismatch : 0
Denied : 0
Handoff Status Sent
Success : 0
Group mismatch : 0
Client unknown : 0
Client blacklisted : 0
SSID mismatch : 0
Denied : 0

Once the standby Node is in STANDBY_HOT the tunnel goes down. (only one of them) Tunnel to 10.40.99.110

WLC01# show wireless mobility peer ip 10.40.99.110

Mobility Peer Info
===================
Ip Address : 10.40.99.110
Public Ip Address : 10.40.99.110
MAC Address : 706d.1517.a66d
Group Name : test
Total Number of Clients on Peer : N/A
Local Clients Exported to Peer : 0
Locally Anchored Peer Clients : 0
Keepalive Data Link Status : DOWN
Keepalive Control Link Status : DOWN
DTLS Data Link Cipher : TLS_NUM_NULL_WITH_NULL_NULL
DTLS Data Link Status : Disabled
DTLS Control Link Cipher : TLS_NUM_NULL_WITH_NULL_NULL <--
DTLS Control Link Status : Disabled
PMTU : 1385
Tunnel Plumbed : Yes
Tunnel IFID : 0xA0000001
Number of Data Path Flaps : 5
Last Data Path Flap : 01/20/2022 13:08:31 Central
Number of Data Packet Failure : 683
Non Acked Data ping requests : None
Number of Control Path Flaps : 5
Last Control Path Flap : 01/20/2022 13:09:51 Central
Number of Control Packet Failure : 236
Non Acked Control ping requests : None
Is Anchor : No
Mobility event statistics
Roam stats
L2 roam count : 0
L3 roam count : 0
Handoff Status Received
Success : 0
Group mismatch : 0
Client unknown : 0
Client blacklisted : 0
SSID mismatch : 0
Denied : 0
Handoff Status Sent
Success : 0
Group mismatch : 0
Client unknown : 0
Client blacklisted : 0
SSID mismatch : 0
Denied : 0