Logins against AD failing in *most* cases. Can see why, butdon't*understand* why.

[Garber, Neal]

> It never occurred to me that the Cisco controllers could be our issue...
> Though I have just checked with a colleague and he did try restarting
> them after hours yesterday, and it didn't help matters. If you can find
> out what setting you changed that would be ideal, but probably best to
> email me directly as this is getting somewhat off-topic for the list.

Sorry for the delay in responding Dan.  I've been waiting for the engineer who worked on the problem to find his notes.  He just E-mailed me today and said that it was NOT an issue with the WLC.  Rather, Cisco told him to uncheck the CA in the WZC preferred network; save the config; recheck the CA; save the config again.  

At the time of the problem, he gave me the impression the issue was with the WLC, given that on a prior occasion, rebooting the WLC made the problem disappear.  In any case, just to rule out the client rejecting the server's cert, another option is to *temporarily* uncheck the "validate server certificate" checkbox and see if you can successfully connect.  If you can, that confirms that this is the problem (as Alan already pointed out).