When using the configuration utility or Secure Shell (SSH) session to log on to a NetScaler appliance, the "Connection limit to CFE exceeded" message might appear. This message appears if an earlier session is closed without logging out of the session.
Note: CFE represents Configuration Engine.

When an SSH session is opened to the NetScaler appliance, and the username and password are typed, SSH session does not respond for 90 seconds and then the connection is closed. No authentication errors are received. After typing the username and password, the following message is displayed in GUI after 60 seconds:
"login command failed over API. Reason: HTTP Error: socket read of headers timed out".

This is a known issue and is fixed in NetScaler software release 10.0 build 70.7 and later. It is recommended to upgrade the existing NetScaler version to the latest build of NetScaler 10.1.

Workaround

As a workaround, complete the following steps:

1. Run the following command to view all the active sessions:
   show system session

2. Run the following command to close all sessions:
   kill system session all

   Note: You can also specify specific sessions.

After the sessions are forcefully closed, the sessions can be logged on successfully.

Problem Cause

The NetScaler appliance might not allow new connections after the limit for maximum number of connections are reached, even if some users have logged out. The management CPU might spike to 100 percent because of an orphan command line interface process. When there are many orphan command line interface processes, the error "CFE limit exceeded" is logged to the nslog file.