I finally got this one figured out with the help of TAC. What was going on was that I had stopped using the Endpoints Repository for role mapping points as it had proved its self to me several times as being unreliable. Little did I know this was actually due to me missing some set up steps many many moons ago.
As I discovered via TAC, the reason my Endpoint Repository was not reliable was because I was not feeding it properly. (yes, you can feed it after midnight but no, you cannot get it wet) Of all the VLANs I had involved with wireless access, only one of them had my ClearPass box set as a DHCP helper. As was explained to me by TAC, ClearPass gets most of its device information via DHCP requests, so if it is not getting the requests, it's database will not be complete. He also reassured me that the CPPM box will never actually respond to a DHCP request, it just reads the information from it.
Since that TAC call (which was a marathon 4 hour call) I have added my ClearPass box as a DHCP helper for all VLANs in question and within fifteen to twenty minutes all of my roles were being read correctly and have been stable since.
So Cappy and all the gang, thanks again for all of the help and insight, much appreciated!