During SpanVA installation it is possible to specify what attribute is used as Secondary ID for directory sync (DSS) imported users.
msDS-PrincipalName is the default attribute for SecondaryID and needs to have valid data.
Resolution
Login to Active Directory server
Open "Active Directory Users and Computers"
Right click a user and click on "Properties"
Go to the Attribute Editor tab
Click the Filter button and check "Show only attributes that have values" and "Constructed"
Find msDS-PrincipalName in alphabetical order and verify the data it is populated with. If it is not displayed then it does not have a value assigned to it msDS-PrincipalName EXAMPLE\USER
Additional Information
Example of a Secondary User ID synced to CloudSOC via SpanVA DSS (Domain is EXAMPLE)