I have exactly the same problem...
2920 Switch, running 16.04.0009, and every time I send a CoA I get the same error as you. No amount of debugging the switch provides any insight about what attribute it thinks it's missing.
The only difference between my case and yours, so far as I can see, is that I'm using Cisco ISE as the RADIUS Server. We both get the same error though so presumably this points to a switch problem?
The gist of my switch config is...
Base-Config-2920(config)# sh ru | inc radius
radius-server host 172.16.34.22 key <Some Pass>
radius-server host 172.16.34.22 dyn-authorization
radius-server host 172.16.34.22 time-window 0
aaa server-group radius "CiscoISE" host <Some IP>
aaa accounting network start-stop radius
aaa authentication port-access eap-radius server-group "CiscoISE"
Base-Config-2920(config)# sh ru | inc aaa
aaa server-group radius "CiscoISE" host <Some IP>
aaa accounting update periodic 1
aaa accounting network start-stop radius
aaa accounting session-id common
aaa authentication port-access eap-radius server-group "CiscoISE"
aaa authentication mac-based chap-radius server-group "CiscoISE"
aaa port-access gvrp-vlans
aaa port-access authenticator 2-24
aaa port-access authenticator 2 quiet-period 30
aaa port-access authenticator 2 unauth-period 30
aaa port-access authenticator 2 logoff-period 86400
aaa port-access authenticator 2 client-limit 3
...
aaa port-access authenticator active
aaa port-access mac-based 2-24
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 logoff-period 86400
aaa port-access mac-based 2 quiet-period 30
aaa port-access mac-based 2 reauth-period 14400
...
aaa port-access 2 controlled-direction in
aaa port-access 2 mixed
And ISE is using the following attributes to initiate the CoA;
HP-PORT-BOUNCE-HOST
radius Acct-Session-Id
radius calling-station-id
radius event-timestamp
radius nas-ip-address
radius nas-port
The 'error cause' message that gets sent back to the RADIUS Server by the switch says 'missing attribute', but I can't work out which one is missing.
Both devices in the same timezone and on the same NTP server.
Any clues?!