We are installing a green field ISE 2.0 sp2 solution for wireless endpoints, one 802.1x corporate SSID and two guest portals. The WLC's are 5520's running code 8.1.131 Everything seems to be working as designed, until a windows user attempts to log into the 802.1x SSID and there are no windows credentials cached on the laptop for that user. Once the machine authenticates, the airspace ACL that is on the WLC allows traffic to DNS, DHCP, ISE and DC. I can see the machine authenticate in ISE, the proper ACL is pushed to the WLC, the WLC shows the session and correct ACL, the user authentication attempt is not seen by ISE, then the Windows laptop barks that it can not find a Domain Controller to authenticate against.
I am not sure where to begin to troubleshoot this. Thank you.