Alan,
securelogins.arubanetworks.com is the address that ClearPass Guest uses to submit the authentication. This address is the Aruba controller.
Is there any type of firewall between CPPM and the controller?
In your first post, both requests looked normal. The first (old site) was a user login with mac caching, the second (new site) was the original MAC authentication, which failed because the MAC address did not exist in the Endpoints Database. This is a normal process since the MAC would be unknown on initial request, then after login, updated with Guest credentials.
Are you doing the guest access over HTTP or HTTPS? With recent issues surrounding the "securelogins.arubanetworks.com" certificate, HTTPS may be problematic. If HTTPS, can you try doing it over HTTP and see if anything changes?
ClearPass Guest
- Configuration -> Authentication (Uncheck require HTTPS)
Controller
- Configuration -> Authentication -> L3 authentication -> Captive portal profile (use HTTP for authentication).