First off don't upgrade to patch 7 just yet, there are some bugs with the sponsor/guest portal right now.
For the guest user disconnection, you should check the session timeout (per-wlan) and the idle timeout (global setting) on the WLC. Unless the guest account expires, ISE shouldn't send a CoA to the controller.
I am running version 7.4.121, should be the most stable right now. Putting ISE and the vWLC into separate subnets seems to solve the issue completely.
I have tried various server timeout values up to 20 seconds, I usually get the same result. The loss of communication occurs when an endpoint errors out with "5434 Endpoint conducted several failed authentications of the same scenario" - this only happens when the two are in the same subnet.
Using a vWLC - experiencing the same problem with RADIUS authentication. Have upgraded in stages to version 184.108.40.206. I think we need to concentrate on WLC configuration and possible code problems. The symptoms are the same "available - unavailable messages" between a RADIUS pair (not ISE systems). It is like the WLC shuns both RADIUS boxes.
It would not be unreasonable to suggest that this is a new problem introduced in the vWLC code as these servers are working just fine with two physical 5508 WLCs during periods when the virtual WLC starts flipping. This is a pretty serious problem when it happens. The 7.6 line of code so far - has the same problem.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...