Welcome Coronavirus work-from-home folks trying to get their Cisco AnyConnect VPN working! I wrote this article about a year and a half ago but have recently refreshed it.
If the solution below still works for you, please leave a comment below. Thanks, and happy social distancing! :)
If you use Fiddler to watch network traffic on your computer, it creates personal certificates that interfere with Cisco AnyConnect VPN.
- Inside Fiddler, choose
- Click the certificate maker. Click "Clear server certificates on Exit."
You may have to reboot to clear memory, but you should be able to use your VPN normally after that.
I use Cisco AnyConnect to connect to a client's VPN. Lately, it started hanging with the status message "Hostscan is waiting for the next scan".
The logs show a loop that lasts a little over 10 minutes where it scans and starts over until it finally gives up.
```
9:42:46 AM Hostscan state idle
9:42:48 AM Hostscan is waiting for the next scan
9:43:50 AM Hostscan is performing system scan
9:43:51 AM Hostscan is performing software scan
9:43:58 AM Hostscan state idle
9:44:00 AM Hostscan is waiting for the next scan
9:45:03 AM Hostscan is performing system scan
9:45:04 AM Hostscan is performing software scan
9:45:19 AM Hostscan state idle
9:45:22 AM Hostscan is waiting for the next scan
9:46:24 AM Hostscan is performing system scan
9:46:24 AM Hostscan is performing software scan
```
I read something about removing personal certificates helping with this, but I only have a few personal certificates, and they are my machine name, localhost, local development, and something NVIDIA put on there.
But then I read something else about personal certificates in IE11. Sure enough, under Tools (or the gear icon) > Internet Options > Content there is a button for Certificates.
After clicking that, I saw something very different from the machine certificates. They were there, plus some other certificates for local development, but there were HUNDREDS like
I sorted by the name, selected them, and removed them. Then I tried Cisco AnyConnect again, and it finally connected.
The wildcard certificates I saw in the IE11 Internet Options were created by Fiddler, which I use to watch network traffic and inspect web requests and responses. Fiddler acts as a proxy between your computer and your internet connection, and I guess it creates a personal wildcard certificate for every site you visit, or when Dropbox syncs, or your email does a send/receive, etc.
Since I must use Cisco AnyConnect for the VPN and I only use Fiddler sometimes, I removed the wildcard certificates and uninstalled Fiddler and I've been able to connect to the VPN reliably for a week now.
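The cleanup described above can also be done from PowerShell instead of the IE11 dialog. This is an added example, not part of the original post or any Cisco or Fiddler tooling. It assumes the Fiddler-generated certificates name Fiddler's default root, DO_NOT_TRUST_FiddlerRoot, as their issuer, and that it is saved as a script file and run as the affected user.

```powershell
# Inventory the current user's Personal certificate store (the list IE11 shows
# under Internet Options > Content > Certificates) and optionally remove the
# certificates issued by Fiddler.
# ASSUMPTION: Fiddler's certificates carry its default root name in the Issuer
# field. Check the per-issuer summary first and adjust -IssuerPattern if needed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$StorePath     = 'Cert:\CurrentUser\My',
    [string]$IssuerPattern = '*DO_NOT_TRUST_FiddlerRoot*',
    [switch]$Remove   # without this switch the script only reports
)

$all = @(Get-ChildItem -Path $StorePath)

# Per-issuer summary: a store bloated by a proxy shows one issuer with a
# count in the hundreds, next to a handful of legitimate entries.
$all | Group-Object -Property Issuer |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name |
    Format-Table -AutoSize -Wrap | Out-Host

# Match on issuer only, so machine-name, localhost and vendor certificates
# issued by anyone else are left alone. Fiddler's own root copy in this store
# is self-issued and therefore matches too.
$targets = @($all | Where-Object { $_.Issuer -like $IssuerPattern })
Write-Host ("{0} of {1} certificates match issuer pattern '{2}'" -f `
    $targets.Count, $all.Count, $IssuerPattern)

# Show a sample of what would be removed so the match can be reviewed.
$targets | Sort-Object -Property Subject |
    Select-Object -First 10 -Property Subject, NotAfter, Thumbprint |
    Format-Table -AutoSize | Out-Host

if ($Remove) {
    foreach ($cert in $targets) {
        # Honors -WhatIf and -Confirm for a dry run or per-item prompt.
        if ($PSCmdlet.ShouldProcess($cert.Subject, 'Remove certificate')) {
            Remove-Item -Path $cert.PSPath
        }
    }
}
```

Run it with no arguments to see the summary, with `-Remove -WhatIf` to preview the deletions, and with `-Remove` to perform them.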