I have recently resolved an issue with users unable to resolve the captive portal address, and pretty much stumbled across this.
We had a captive portal which was working perfectly fine, and we updated our SSL certificate and this suddenly stopped working. After weeks of troubleshooting this and not finding any issues, we decided to create a test SSID and enable the captive portal on this, which meant we had to change the ip-cp-redirect-address command to the VLAN IP of the controller.
This then sprung into life, and we could resolve the captive portal on the test SSID, we then moved the configuration back to how it originally was and this is now also working...
Has anyone came across any issues where you had to re-enter configuration into a controller for something to work?