NetScaler Gateway not returning meaningful failure reason for bad password or expired passwords

Article ID: CTX211268

Description

When a user enters a password that does not meet the complexity requirement, or authentication fails for some other reason, NetScaler does not return a meaningful failure reason and instead says "Invalid username and password".

For example, a user tries to log in through NetScaler Gateway with an expired password, and NetScaler redirects the user to the change password page. The user must enter the new password twice to change it. If the new password does not fulfill the complexity requirement, NetScaler shows an "incorrect credentials" error message, so the user cannot tell why the password change failed.

Resolution

Navigate to NetScaler Gateway > Global Settings > Change authentication AAA settings and select "Enable Enhanced Authentication Feedback".

With this setting enabled, NetScaler returns a meaningful and appropriate error code and failure reason for various user authentication failures (including No user found, Account Locked, Account disabled, etc.).

Problem Cause

Enhanced Authentication Feedback is not enabled by default.