The best thing you can do is open a TAC case, because there is alot of personal information on your controller that might need to be analyzed to get to the bottom of this:
http://www.arubanetworks.com/support-services/support-program/contact-support
While you are doing that, you can still post here, and have someone working on your TAC case at the same time.
With that being said, just like any other issue that only happens once in awhile, it would be best to setup a syslog server so that the logs you are looking for do not get erased due to "rolling". After you set that up, you can turn on VPN debugging like this:
config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security process l2tp
logging level debugging security subcat vpn
When the issue happens, I would find out what the public ip address of the user is, and then filter the security logs on that ip address to understand what could be happening:
show log security all | include <public ip address>