This was solved through TAC after 2 days.
It seems that there is an issue with enabling Captive Portal when no PEF-ENG licence is available.
TAC created all the settings required from sctratch one by one(roles,virtual ap ,ssid,essid, acls, etc..).
Infact when i try to view settings from the GUI most of them are blanks, which have to rollback if touched. The SSID is not setup as guest but as employee type. Furthermore, without PEF-ENG there ca only be one Captive Portal Policy / SSID.
Everytime you enable PEF-ENG and disable PEF-ENG a restart of the controllers is required as settings will not work properly.
below find the configuration provided implemented by TAC
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
any network 169.254.0.0 255.255.0.0 any deny
any network 240.0.0.0 240.0.0.0 any deny
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
ip access-list session captiveportal6
ipv6 user alias controller6 svc-https captive
ipv6 user any svc-http captive
ipv6 user any svc-https captive
ipv6 user any svc-http-proxy1 captive
ipv6 user any svc-http-proxy2 captive
ipv6 user any svc-http-proxy3 captive
ip access-list session v6-logon-control
ipv6 user any udp 546 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-v6-dhcp permit
ipv6 any any svc-dns permit
ipv6 any network fc00::/7 any permit
ipv6 any network fe80::/64 any permit
ipv6 any alias ipv6-reserved-range any deny
!
aaa profile "Wifi_Guest"
initial-role "Wifi_Guest"
dot1x-server-group "internal"
!
aaa authentication captive-portal "Wifi_Guest"
default-role "Wifi_Guest"
show-acceptable-use-policy
!
wlan virtual-ap "Wifi_Guest"
aaa-profile "Wifi_Guest"
vlan 255
ssid-profile "Wifi_Guest"
user-role aruba1234-guest-logon
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
captive-portal Wifi_Guest
ap-group "default"
virtual-ap "Wifi_Guest"
wlan ssid-profile "wifi_Guest"
essid "Wifi_Guest"