We're having an odd problem with web authentication on a 4402 WLC. Users have to reauthenticate several times before it seems to "stick." After logging in, they'll have to log in again after 2-5 minutes, and then possibly a few more times in the same kind of intervals (sometimes as few as 2-3 reauthentications, once as many as nine times).
Here's an odd wrinkle: we also have a 2106 controller, identically configured (as far as I can verify; they should have the same configuration, except for IP addresses, of course). It's rock solid.
Both controllers are pointing to a Cisco ACS (the same one for both) for authentication, which in turn does an LDAP lookup.
Has anyone seen something like this? Digging into the WLC logs shows messages that the user failed authentication (note that the user never gives a bad username/password combo, so it looks as if something internal is forgetting the previous auth). Here's a sample line:
Apr 17 10:03:32.564 aaa.c:1184 AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user '<redacted>'
I also see a lot of messages like this, but again I have no idea if they're connected to my problem:
Apr 17 10:04:13.563 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:<redacted>
Apr 17 10:03:14.090 apf_foreignap.c:1285 APF-1-CHANGE_ORPHAN_PKT_IP: Changing orphan packet IP address for station00:<redacted> from <redacted> ---><redacted>
Apr 17 10:03:14.090 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:<redacted>
Any insights would be appreciated. Like I said, the fact that this setup is working fine on one WLC but not on the other is creating much head-scratching.
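One way to check whether the MSCB messages line up with the authentication failures is to parse the WLC log and correlate the two by time. This is an added example, not part of the original post; the sample lines, user names, addresses, the 30-second window and the assumed year are all constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format quoted in the post; user and
# address values are placeholders, not data from the original page.
SAMPLE = """\
Apr 17 10:03:14.090 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:192.0.2.10
Apr 17 10:03:32.564 aaa.c:1184 AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user 'alice'
Apr 17 10:04:13.563 apf_foreignap.c:1278 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:192.0.2.10
Apr 17 10:07:02.100 aaa.c:1184 AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user 'alice'
Apr 17 10:20:45.000 aaa.c:1184 AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user 'bob'
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) (?P<src>\S+):(?P<line>\d+) "
    r"(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<msg>.*)$")
USER = re.compile(r"network user '([^']*)'")

def parse(text, year=2000):
    """Yield (timestamp, mnemonic, message); the log has no year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m["mnem"], m["msg"]

def analyse(text, window=timedelta(seconds=30)):
    """Per user: failure count, gaps between failures, and how many failures
    had an MSCB registration error within `window` before them."""
    events = sorted(parse(text))
    # Assumption: MSCB lines carry no user name, so they are matched by time only.
    mscb = [ts for ts, mnem, _ in events if mnem == "REGISTER_IPADD_ON_MSCB_FAILED"]
    report = {}
    for ts, mnem, msg in events:
        u = USER.search(msg)
        if mnem != "AAA_AUTH_NETWORK_USER" or not u:
            continue
        r = report.setdefault(u.group(1), {"times": [], "near_mscb": 0})
        r["times"].append(ts)
        if any(timedelta(0) <= ts - t <= window for t in mscb):
            r["near_mscb"] += 1
    for r in report.values():
        t = r.pop("times")
        r["failures"] = len(t)
        r["gaps_s"] = [round((b - a).total_seconds()) for a, b in zip(t, t[1:])]
    return report

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Running the same script over logs from both controllers gives a side-by-side view of failure counts and re-authentication gaps; time proximity to an MSCB error is only a hint of a connection, not proof of one.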