Apologies, I should have placed the solution in here. So, here is the solution:
When looking at the log files, it is important to note that the authd files will look like they are from the LTS/LAC but, in fact, are not. Because the IPCP process has not completed, the CPE does not have an IP address and therefore the LTS/LAC is acting as forwarder for the CPE.
In our case, the CPE was rejecting the VSAs that our downstream provider was stating we had to use. These were:
ERX-Tunnel-Switch-Profile - Reply += (Value ISP supplied)
ERX-Tunnel-Virtual-Router:0 - Reply += (ISP LTS Name)
Tunnel-Server-Endpoint:0 - Reply += (Steered LNS address)
Tunnel-Password:0 - Reply +=
Tunnel-Type:0 - Reply += L2TP
Tunnel-Preference - Reply += (Downstream ISP supplied)
The :0 is the tagged element.
Now, we have to find a way to either "ignore" or "exclude" these VSAs....
Upgrade Junos to 18.2R1.
Utilise the following command within the AAA Profile:
set access profile aaa-profile radius attributes ignore standard-attribute 67
set access profile aaa-profile radius attributes ignore standard-attribute 69
set access profile aaa-profile radius attributes ignore standard-attribute 64
set access profile aaa-profile radius attributes ignore standard-attribute 83
set access profile aaa-profile radius attributes ignore vendor-id 4874 vendor-attribute 66
set access profile aaa-profile radius attributes ignore vendor-id 4874 vendor-attribute 8
set access profile aaa-profile radius attributes ignore vendor-id 4874 vendor-attribute 91
And now everything is operational.