KB44815 - The limitation with the Length of EAP packets when connecting Pulse desktop Clients.

If you are adding many realms to one signing URL or you have a large customized sign-in page or notifications configured, the Pulse desktop client stays in connecting status and the connection fails after some time. All this information is included in EAP packets send  to the pulse desktop client. The maximum length  of the EAP packet is 3600 Bytes.
You can configure many realms in one sign-in URL or you can have a customized Sign-in page, unless it is not exceeding the number of characters or length set by an upper limit of framed MTU of EAP response, ie 3600 Bytes.
This is applicable only for PDC-based connections and not for web-based connections. The web-based connection does not have any such limitations.
 

First scenario:
If you are adding many realms to one sign-in URL and realm name (characters) is lengthy enough maxing out the upper limit of framed MTU for EAP response that is 3600 bytes, then Pulse desktop client stays in connecting status and never give a pop-up that lists all the realms associated with this sign-in URL.
Second scenario:
If you have a customized sign-in page of your organization which is exceeding the 3600 bytes of the EAP packet then the Pulse desktop client stays in connecting status and the connection fails after some time.
             

Large EAP packets response were exceeding max framed-MTU ( 3600 bytes) and hence discarding the response at the server end.
 

This is a design limitation in PCS .
 9.1R13 has  the following improvements  implemented.
1:Increased the size of max framed-MTU for EAP response to 4096 bytes to support maximum EAP response possible
2:Additional Event log and Extra debug logs has been added , if max framed-MTU gets exhausted.

WorkArounds:
1:Create a new sign-in policy
 2:Decrease the number of characters in the realm name or sign-in page.
 3:Remove unwanted realms.
 4:Enforce client via Browser