Cisco AnyConnect – Hostscan is waiting for the next scan

Trying to get on a client’s VPN today via the Cisco AnyConnect VPN software presented a problem this morning. The process for connecting would freeze on “Hostscan is waiting for the next scan”. After some quick googling I found that the client (my laptop) was possibly attempting to send all of the personal SSL cerficiates the client currently has to the server for inspection(?).

Fiddler creates dozens of certificates when intercepting web traffic during debugging. Since Fiddler uses a man in the middle attack to intercept HTTPS traffic, it has to create certificates for each site you browse. After a few hours of developing (and having other browsers on your computer open), these certificates can clog up the pipe to the VPN server when the client tries to send all of them. Another possible reason is the Cisco VPN server isn’t liking the self signed certificates but doesn’t know how to fail gracefully.

Opening up certmgr.msc and clearing out all of the Certificates > Personal > Certificates allowed me to connect again.

Capture

This isn’t a perfect/permanent fix, but hopefully it’ll help!

17 thoughts on “Cisco AnyConnect – Hostscan is waiting for the next scan”

Leave a Reply

Your email address will not be published. Required fields are marked *