Just wanted to add my findings to this as it may help someone down the road. When doing a client-deub I came across the RFC messages "User entry deleted: reason=RFC 3576 disconnect". I had made 2 adjustments in the end. I dont recall which one was the one that resolved this issue.
In my case we were using the clearpass server, the CP server was hosting the Web Portal for Captive Portal. I had went into the AAA Profiles, and selected the server that was used for authentication. I had removed the RFC 3576 Server from this config. I also went into the L3 Authentication for the Captive Portal Auth, I had added the option "Add switch IP address in the redirection URL".
After both of these were complete, I no longer received the RFC 3576 disconnects.
Hopes this helps someone down the road.