Sorry here's the sanitized run configuration, I suspect it may be related to the tacacs server pick-method configuration?

aaa group server tacacs+ DCBB_ISE_TACACS
server-private 172.24.**.** key 7 *************
server-private 172.24.**.**
ip vrf forwarding Mgmt-vrf
pick-method load-balanced

FTUS015NET001# show run brief
Building configuration...

Current configuration : 12363 bytes
!
! Last configuration change at 04:41:15 UTC Tue Mar 21 2023 by *******
!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname *******5NET001
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 *********
!
aaa new-model
!
!
aaa group server tacacs+ DCBB_ISE_TACACS
server-private 172.24.**.** key 7 *************
server-private 172.24.**.**
ip vrf forwarding Mgmt-vrf
pick-method load-balanced
!
aaa authentication login default group DCBB_ISE_TACACS local enable
aaa authentication enable default group DCBB_ISE_TACACS enable
aaa authorization exec default group DCBB_ISE_TACACS if-authenticated
aaa authorization commands 1 default group DCBB_ISE_TACACS if-authenticated
aaa authorization commands 3 default group DCBB_ISE_TACACS if-authenticated
aaa authorization commands 5 default group DCBB_ISE_TACACS if-authenticated
aaa authorization commands 15 default group DCBB_ISE_TACACS if-authenticated
aaa accounting exec default start-stop group DCBB_ISE_TACACS
aaa accounting commands 1 default start-stop group DCBB_ISE_TACACS
aaa accounting commands 3 default start-stop group DCBB_ISE_TACACS
aaa accounting commands 5 default start-stop group DCBB_ISE_TACACS
aaa accounting commands 15 default start-stop group DCBB_ISE_TACACS
!

!
!
aaa session-id common
switch 1 provision ws-c3650-48fqm
!

!
call-home
vrf Mgmt-vrf
!
!
!
ip name-server vrf Mgmt-vrf 172.24.**.* 172.24.**.*
ip domain name ******.local
!
!
!
no ip dhcp snooping information option
!

!
vtp mode transparent
!
!
!
port-channel load-balance src-dst-ip
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause link-monitor-failure
errdisable recovery cause oam-remote-failure
errdisable recovery cause loopback
errdisable recovery cause psp
errdisable recovery interval 60
license boot level ipbasek9
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-4093 priority 0
!
!
username ******* privilege 15 secret 5 *************
!
redundancy
mode sso
!
!
vlan **
name Guest
!
vlan **
name Provisioning
!
vlan **
name Facilities
!
vlan **
name Server
!
vlan **
name vMotion
!
vlan **
name SDWAN-HA
!
vlan **
name Instrument
!
vlan **
name Computer
!
vlan **
name Printer
!
vlan **
name VoIP
!
vlan 500
name IB_Mgmt
!
vlan **
name AP_Mgmt
!
vlan **
name Firewall_sync
!
vlan **
name InterCo_LAN
!
vlan **
name InterCo_VCE
lldp run
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!

!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.10.252.** 255.255.255.192
negotiation auto

!
interface TenGigabitEthernet1/1/1
switchport trunk allowed vlan *************
switchport trunk allowed vlan add ***********
switchport mode trunk
!
interface TenGigabitEthernet1/1/2
switchport trunk allowed vlan **********
switchport trunk allowed vlan add ************************
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
switchport trunk allowed vlan *******************************
switchport trunk allowed vlan add ****************
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
switchport trunk allowed vlan *************************
switchport trunk allowed vlan add ****************
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan500
description Inband Mgmt
ip address 10.10.47.xx 255.255.xxx.xx
ip helper-address 10.10.47.xx
no ip redirects
no ip proxy-arp
!
ip forward-protocol nd
ip forward-protocol udp 4011
no ip http server
ip http authentication local
no ip http secure-server
ip http client source-interface Vlan500
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.10.252.1
ip ssh version 2
ip scp server enable
!
ip access-list standard SNMP_Servers
permit 10.10.47.***
permit 172.24.80.*
permit 172.24.80.*
deny any log
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
!
snmp-server group SNMPv3_GRP v3 priv read VIEW_ALL access SNMP_Servers
snmp-server view VIEW_ALL iso included
snmp ifmib ifindex persist
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
no vstack

!
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
logging synchronous
transport input ssh
line vty 5 15
transport input ssh
!
ntp source Vlan500
ntp server vrf Mgmt-vrf 172.24.xx.x prefer
ntp server vrf Mgmt-vrf 172.24.xx.x
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end