We have set up a two node Tomcat clustered UA 4.6.2 based on the recommendation of MF. Means idmapps and ops on each cluster, sspr outside on its own box.
Everything works well, except the Login. After getting the Login Page very fast it takes up to 2 minutes to get the Application page (landing, sspr, IDMProv, no matter which one). Only thing I see in sspr.log is:

Preamble: [OIDP]
Priority Level: SEVERE
Java: internal.osp.oidp.service.authentication.classes.s spr.SSPRChecksClass.needToCheck() [206] thread=localhost-startStop-1
Time: 2017-12-15T10:53:50.229+0100
Log Data: Level: SEVERE
Code: internal.osp.oidp.service.authentication.classes.s spr.SSPRChecksClass.needToCheck() [205]
Thread: https-jsse-nio-8443-exec-5
Correlation Id: fab70a92-8392-410b-9b24-5137cd549702
Text: Fehler in SSPR-Anforderung "Get Status":
Fehler: java.net.ConnectException
Die Wartezeit für die Verbindung ist abgelaufen (Connection timed out)
java.net.PlainSocketImpl: PlainSocketImpl.java: socketConnect: -2
java.net.AbstractPlainSocketImpl: AbstractPlainSocketImpl.java: doConnect: 350
java.net.AbstractPlainSocketImpl: AbstractPlainSocketImpl.java: connectToAddress: 206
java.net.AbstractPlainSocketImpl: AbstractPlainSocketImpl.java: connect: 188
java.net.SocksSocketImpl: SocksSocketImpl.java: connect: 392


Preamble: [OSP]
Priority Level: WARNING
Java: internal.osp.common.logging.HttpResponseLogger.log () [138] thread=https-jsse-nio-8443-exec-5
Time: 2017-12-15T10:57:29.511+0100
Log Data: HttpServletResponse (Number 2)
Duration (seconds): 128.385
[Slow Request: : over one minute]

I am just wondering about the different times, but this is not to understand as all servers are synced by ntpd and they are in time. But the first entry comes with the same Login as the second one. Also I have no glue yet, where this huge delay can com from. LDAP is working fast and also Ping times are very good.

Any Idea where to search for this problem?