I have just put my first AP303 into service and it is also my first Instant 8.x AP.
The VC/AP is fully configured by Airwave and behaving 99% as expected except for captive portal which does redirect to captiveportal-login.mydomain.com but presents an error on the client browser saying it cannot resolve the name: "captiveportal-login.mydomain.com's server IP address could not be found". This has been tested on various device types.
EDIT: This is all using Internal Captive Portal
All APs in the network are manage by Airwave using IGC.
The AP303 is a lone AP at a new site, so it is the VC. The new Airwave group was configured by cloning a known-good group using 6.x and migrating the template to the correct version to support 8.x. Firmware version on the VC is 8.3.0.6.
I have confirmed that Airwave has assigned the customer's correct wildcard cert (not default cert) to the AP and confirmed that the cert is present on the AP using 'show cert all'
The SSID config, roles, policies etc. are all the same as other Airwave Groups which use 6.x and they are working just fine.
My understanding is that the AP will intercept any request to this url and it does not need to be configured in any DNS server, and again this is working at other sites in the same org without special DNS records.
Any ideas?