Security

We have multiple (20+) IAP clusters across the environment, all being managed by AirWave at this time. The guest network redirects the user to a captive portal registration hosted on ClearPass. After registration, the user clicks login and they get a page cannot be displayed or they get bounced back to registration. The login never gets submitted back to the VC and because of that I never get the login attempt in Access Tracker. I have tried multiple login settings including "securelogin.arubanetworks.com" with HTTP, and the VC's IP address with HTTP, but both same result. The same page is being used by another IAP cluster, with identical settings, and it is working. The working ones are IAP-105's and the not working are IAP-205's. The preauth user role allows DHCP, DNS, and HTTP/HTTPS access to ClearPass. There should be no firewall in between blocking. Dynamic RADIUS Proxy is enabled, as I see the MAC auth request first, which fails, before they get the registration page. 

Running short on ideas at this point, any suggestions?

Is that option available in AirWave as well? Override Common Name? We have a wildcard certificate that I was able to upload to AirWave and apply for that VC as the Captive Portal Cert, I logged into ClearPass and updated the NAS Login to "captiveportal-login.company.com", still utilizing HTTP for the login, but I believe that should work to reach the device correct?

We identified the issue. 

We have IAP-105's running 6.4.4.8 and IAP-205's running 6.5.0.0-4.3. Apparently sometime between those two versions, HTTP authentication does not work on the IAP-205's, but works fine on the IAP-105's. We uploaded a wildcard certificate to the Group of IAP-205's and changed the authentication on ClearPass to use HTTPS and it's working now. We are going to upload a server certificate to the IAP-105's to move them to HTTPS as well, but wildcard certs aren't supported on our current code version, as far as I know.

Thanks for the assistance.