Most access control / authorization flaws would never be found by a (generic) tool, because it does not have the understanding of what is supposed to be accessible and what not. (Having said that, experienced pentesters probably know that quite a lot of applications also don't have this documented...) So that is an example of a whole class of problems.
Any logic flaw (for example a user being able to create another user with more privileges by design) would also not be picked up by an automated tool.
Any chain of vulnerabilities would not be correlated, like for instance how to use a low risk info leak, together with a medium risk DOM XSS together with another low risk vulnerability to change a user's password to anything the attacker wants (this is an actual example I have seen).
Testing DOM XSS with a plain (usual) scanner like most of those commercial tools is quite difficult as they don't have a Javascript runtime, so they will miss most of it.
Also for things that are testable, a tool may have several patterns to try, but will probably miss more complex cases. For example what if an application had a blacklist filter for XSS that explicitly blocks alert(1) and all of the attack vectors from the tool had that as the payload? Getting through a blacklist filter is almost always possible, but is very hard for an automated tool.
Or consider DoS. How would an automated tool find that?
For a final example, what about buffer overflow in an uploaded and processed file, say a user uploads an image which gets resized by a server side library, vulnerable to bof. How could the automated tool know that's the case and how would it create an exploit for it?
These are just a bunch of examples, I'm sure others will cite a lot more.
In short,
there are whole classes of vulnerabilities that cannot be tested for in the generic case
even for vulnerabilities that are automatically testable, it is pretty much impossible to write comprehensive tests (a set of tests that finds all instances of the vulnerability).
Of course with all of this in mind, I think there is nothing wrong with using tools to make several things quicker. However, any result from a tool needs to be reproduced by the tester, and also he must be aware of the limitations of the tool to be able to augment results with more creative attacks.