Having this problem too recently with one of company machines. It gets stuck on the hostscan phase and just keeps looping with that same error " hostscan is waiting for next scan". If I disable the hostscan on the ASA for that specific VPN profile it works fine. We have hundreds of other machines that work fine, so this is limited issue being experienced on one machine so far.
Would appreciate it if anyone has found a solution for this. AnyConnect Version 3.1.04072, hostscan version 3.104072, Windows 7
I had this problem too. It happens when there is to much information being sent back to the ASA regarding this host (hotfixes, certificates, ect) and it goes past (I believe) 200KB in data. This is similar to behavior in CSCui27773 or CSCue68555.
(config)# hostscan data-limit 300
I had bumped up my data-limit 100KB and everything seems to be working just fine, for now.
I came across this on a machine which turned out to have a massive quantity of certificates in certmgr.msc / Personal generated by Fiddler. This produced the following in the ASA syslog:
Apr 8 13:10:57 asa %ASA-3-716600: Rejected 781KB Hostscan data from IP <xx.yyy.zzz.aa>. Hostscan results exceed default limit of 200KB
Cleaning out the Personal store resolved the issue (as well as revoking the root cert) and we'll be watching for any reappearance.
I would rather not up the limit the ASA accepts since this revealed an undesirable condition.
Thank you, thank you thank you thank you tha........
This is such an obscure reason for failure, I would have -never- figured it out! The *real* problem here is that the fact that the hostscan is failing isn't being shown to the user. It just keeps trying, then waiting for the next scan. Horrible design and user experience - they should fix :<
Programs shouldn't fail, but when they do, they should never do so silently!