we have ise 2.4 patch 6, sadly i don't have my hands on those devices, i suppose they are smartphones. If i get one i could investigate further. I just saw many logs from different users failing for this reason so i asked here.

Thanks for your reply.

Not a problem.  I know that at least with some mobile devices, it will prompt the user to access the RADIUS server certificate even if the certificate has been signed by a trusted root authority in its certificate store which results in the end user having to accept the certificate before it will allow the exchange of credentials.  This is particularly true with iOS devices.  One method to counter that behavior is to use wildcard certificates on your PSNs.  That way, the end user will only have to accept the certificate once.

Regards,

-Tim

Unless you are troubleshooting a particular user, you can really just ignore these entries.  If you do an install of any appreciable size involve mobile devices you will see these errors in the logs all the time.  If you try tracking these down you will be spending all your time doing that an many times the user wasn't even really trying to connect.