Wireless Access

how can i troubleshoot this issue and find the root cause

Wrong passwords between MC and MM

OR MM and MM

In your Mobility Master (MM) there will be a line(s) in the configuration for each of the Mobility Controllers (MCs):

!
localip <controller-ip> ipsec ******

 To find it easier and to de-encrypt the ipsec PSK try this:

cd /mm
encrypt disable
show configuration effective | include localip

Try setting this PSK to what you configured during the full-setup phase of the controller. 

For the MM redundancy (MM to MM)  the ipsec key is configured under 'master-redundancy'. Look for the following:

peer-ip-address <MM-peer> ipsec <ipsec-key>

This needs to be the same at both MMs.

Remember to 'encrypt enable' when you're done. 

how can i check the error by the debug ???

As it's IPsec auth failure you would be looking for IKE failure in the ipsec related debug logs. One of these will do the trick:

logging security process crypto level debugging
logging security subcat ike level debugging
logging security process authmgr level debugging

Maybe something like this: <6280> <DBUG> |ike| 10.10.10.99:500-> I <-- Notify: AUTHENTICATION_FAILED (IKE)

Remember to turn off debug level logging after you're finished.