Problem rolls on and on and Aruba can't figure it out. So here is what we know:
1) I have a test profile on the controller that I've tested successfully on a RAP-2, RAP-5 and a RAP-155 throught eh AP specific option.
2) All of our RAPs connect through a DCHP via a DLS/Cable provider through an IPSEC tunnel and terminate to a local controller at our data center, but we also have a master at the same location.
3) of the three successful devices, I have tested via my account (admin), the same service account that we use in the field, and a test user account. All three users authenticated through clearpass on my laptop
4) Last night I found a WIn 7 user out in the field connected to a RAP 5 as well as a device utilizing the same service account I tested which also runs on Windows 7. I went into the controller under AP Specific and used the same test profile I used in #1 above which repointed their RAP interfaces from ACS to CPPM and sure enough, those two users timed out with the error unable to complete the EAP transaction. Same problem where the Windows 7 client does not respond back to CPPM during the EAP request but it responds to ACS fine.
5) Right now CPPM is only handling the RADUIS requests.
6) There is absolutely nothing different in the controller about the profile that handles ACS and the one that handles CPPM except for the servers they point to.
Whoever can figure this out gets major Kudos for what its worth!!