This article will describe how to troubleshoot authentication issues through ADC or Citrix Gateway via aaad.debug on the appliance shell console.

Use this process/steps to troubleshoot authentication issues such as:

• Username/password failures
• General authentication errors 
• Group extraction discrepancies
• Authentication policy configuration errors

**This process applies to both Citrix Gateway and ADC appliances.

Troubleshooting Authentication Issues

To troubleshoot authentication with aaad.debug, use the following steps:

• Connect to the Netscaler command console using a Secure Shell (SSH) client such as PuTTY.
• Switch to the shell prompt by entering the following command:  shell

• Change to the /tmp directory by running this command: cd /tmp

• Start the debugging process by running this command: cat aaad.debug
• Attempt an authentication process that requires troubleshooting, such as a user login attempt.
• Review the output of the cat aaad.debug command to troubleshoot the authentication process.
• To stop the debugging process, run this command:  Ctrl+C
• Run the following command to record the output of aaad.debug to a file: cat aaad.debug | tee /var/tmp/<debuglogname>

Where /var/tmp is the required directory path and <debuglogname.log> is the required log name.

The following section provides examples of how aaad.debug module can be used to troubleshoot and 

Additional Resources

CTX138663 – Error Codes Returned by aaad.debug Module of NetScaler
CTX108876 – How to Configure LDAP Authentication on NetScaler
CTX233027 – [NetScaler Gateway Trace Study] – LDAP Authentication
CTX114335 – How to Configure an LDAP Monitor on NetScaler