I came across this issue from one of our customers trying to onboard a device user1 on the device could not onboard as the clear pass is not sending the username to the AD server, But User 2 is able to successfully onboard on the same device. The logs are from ADCS.
Looks like ClearPass is sending hyphen (underlined in the log below) instead of username for user1, But for user2 it works fine.
First 3 user1 failed logs and the last one is user2 log showing successfully connected, ****masked the customer info in the logs****
I thought to discuss here before calling Aruba TAC
2017-12-08 11:38:19 W3SVC1 hostname 10.10.20.183 POST /certsrv/certfnsh.asp - 443 - 192.168.34.3 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_5)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 - - hostname.core.customer.com 401 1 3221225581 1515 510 31
2017-12-08 11:40:12 W3SVC1 hostname 10.10.20.183 POST /certsrv/certfnsh.asp - 443 - 192.168.34.3 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_5)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 - - hostname.core. customer.com 401 1 3221225581 1515 510 15
2017-12-08 11:40:57 W3SVC1 hostname 10.10.20.183 POST /certsrv/certfnsh.asp - 443 - 192.168.34.3 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_5)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 - - hostname.core. customer.com 401 1 3221225581 1515 510 15
2017-12-08 11:43:37 W3SVC1 hostname 10.10.20.183 POST /certsrv/certfnsh.asp - 443 Domain\username 192.168.34.3 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_5)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 - - hostname.core. customer.com 200 0 0 16266 2435 3781