Some thoughts ..
Can you share with us your DTRACE?
Have you tried creating a new security group, with a new name, and adding the users to that group, and provisioning?
Is your forest/domain "simple" (one domain) or more complex?
What kind of security group is it?
How many people are in the security group?
Do you just have one provisioning group target at the moment?
Not sure how "clear text" LDAP queries and GC look-ups are, but it might be worth doing a netmon from the EV server, and seeing what is being sent to the GC, and what is coming back... Also from the DTRACE, you'll see the LDAP query that is being sent to the GC - what happens if you do the same/similiar query, from the EV server using LDIFDE?
Hope that helps,
Working for cloudficient.com