I use Cisco AnyConnect to connect to a client’s VPN. Lately, it started hanging with the status message “Hostscan is waiting for the next scan”.

The logs show a loop that lasts a little over 10 minutes where it scans and starts over until it finally gives up.

9:42:46 AM Hostscan state idle
9:42:48 AM Hostscan is waiting for the next scan
9:43:50 AM Hostscan is performing system scan
9:43:51 AM Hostscan is performing software scan
9:43:58 AM Hostscan state idle
9:44:00 AM Hostscan is waiting for the next scan
9:45:03 AM Hostscan is performing system scan
9:45:04 AM Hostscan is performing software scan
9:45:19 AM Hostscan state idle
9:45:22 AM Hostscan is waiting for the next scan
9:46:24 AM Hostscan is performing system scan
9:46:24 AM Hostscan is performing software scan

I read something about removing personal certificates helping with this, but I only have a few personal certificates, and they are my machine name, localhost, local development, and something NVIDIA put on there.

image

But then I read something else about personal certificates in IE11.  Sure enough, under Tools (or the gear icon) > Internet Options > Content there is a button for Certificates.

image

After clicking that, I saw something very different from the machine certificates. They were there, plus some other certificates for local development, but there were HUNDREDS like *.somewebsite.com. 

I sorted by the name, selected them, and removed them. Then I tried Cisco AnyConnect again, and it finally connected.

The wildcard certificates I saw in the IE11 Internet Options were created by Fiddler, which I use to watch network traffic and inspect web requests and responses. Fiddler acts as a proxy between your computer and your internet connection, and I guess it creates a personal wildcard certificate for every site you visit, or when Dropbox syncs, or your email does a send/receive, etc.

Since I must use Cisco AnyConnect for the VPN and I only use Fiddler sometimes, I removed the wildcard certificates and uninstalled Fiddler and I’ve been able to connect to the VPN reliably for a week now.