I've ran a aaa test user from a controller and get the same error on clearpass. I've also removed all reference to the second dc from clearpass and only used the original dc, same results.
Also during troubleshooting I stood up a brand new clearpass vm, left it as its own publisher, joined it into the domain and immediately got the same authentication failure results, so I'm confident that this is a MS issue.