If you ever get authentication failures when trying to log on to NetScaler Gateway with credentials you know are correct then start logging the authentication attempts on NetScaler using aaad.debug to find out what is going wrong.
NetScaler Logon Process and Failure Reasons – http://www.jgspiers.com/digging-in-to-citrix-logon-process/
To enable logging, using NetScaler CLI -> type shell -> type cd /tmp -> type cat aaad.debug and press enter. (Authentication, Authorization and Auditing Deamon).
Any authentication attempts will now be displayed in the output shown above.
You can also record the output of AAA to a log file using the below command:
cat aaad.debug | tee /tmp/aaa.log