If CISCO ACS or any TACACS server is used to authorize command execution for NetScaler, executing lengthy CLI commands (>1460 bytes) results in the following ERROR: "Not authorized to execute this command."

This issue occurs most frequently with the "set appfw profile" command.

This error occurs because of the large number of parameters, but it can occur with any lengthy CLI command. Frequently used commands are typically less than 1460 bytes, so the issue does not occur very often.

This fix for this issue is available in NetScaler 11.0 65.31 and 10.5 62+. This is issue tracked with number 596184 and 519898.

Problem Cause

After every command is executed NetScaler gives call to function "start_tacplus_authorize attempting to auth <adminname>:" However at the time of issue we do not see this function being called.