Channel: Network Access Protection forum

Having issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2


I'm a little new to the Domain Admins group so excuse me if I'm not familiar with all of the terms.  My current problem is this. 

I have a brand new Cisco WLC with all brand new WAPs.  I'm trying to set up WPA2-Enterprise using PEAP.  I started off by following this implementation step by step: http://www.windowsnetworking.com/articles_tutorials/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part1.html

I think I'm extremely close to having this working, but I have not found a resolution yet.  I've searched all over the internet and have still found no resolution.

I have created the cert, etc. and installed it on clients.  The WLC seems to be forwarding the information along correctly.  Below are the security events that I see in the logs on the DC.

First:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/21/2011 9:59:53 AM
Event ID:      5061
Task Category: System Integrity
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      XXXX.local
Description:
Cryptographic operation.

Subject:
    Security ID:        SYSTEM
    Account Name:       XXX
    Account Domain:        XXX
    Logon ID:        0x3e7

Cryptographic Parameters:
    Provider Name:    Microsoft Software Key Storage Provider
    Algorithm Name:    RSA
    Key Name:    certificate-CA
    Key Type:    Machine key.


Then immediately following:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/21/2011 9:53:58 AM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      XXXXX.local
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            domain\user
    Account Name:            domain\user
    Account Domain:           domain
    Fully Qualified Account Name:    domain\user

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    OS-Version:            -
    Called Station Identifier:        10-8c-cf-10-f4-30:vbw-test
    Calling Station Identifier:        18-3d-a2-00-6b-c8

NAS:
    NAS IPv4 Address:        10.0.X.X
    NAS IPv6 Address:        -
    NAS Identifier:            WLC
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            13

RADIUS Client:
    Client Friendly Name:        WLC
    Client IP Address:            10.0.X.X

Authentication Details:
    Connection Request Policy Name:    Secure Wireless Connections 2
    Network Policy Name:        Secure Wireless Connections 2
    Authentication Provider:        Windows
    Authentication Server:        DC.local
    Authentication Type:        PEAP
    EAP Type:            -
    Account Session Identifier:        -
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            23
    Reason:                An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

Please help, I've been looking at this for hours and am completely out of options!

Thanks,

Tim

