Wednesday, October 26, 2011

Lync, Sophos, TMG/ISA Incompatibility

On several client workstations I was receiving an error message when starting Lync.  All of these clients were previously running Communicator R2 successfully.  Also, all of these clients are running Sophos anti-virus 9.5.  The message indicated a permission error running communicator.exe.

Using procmon.exe and some time I was able to determine Sophos was blocking Lync for some unknown reason even though it was in the “allowed applications” list.  Note below that I authorized ALL instant messaging applications just to verify it wasn’t Sophos causing the error:




To make this more complicated, no application control event were being logged on the Sophos console either.  After doing some comparisons on client pcs, I discovered that either the ISA Firewall 2004 service or the TMG 2010 firewall service was installed on all of them.  Disabling didn’t fix the problem, but uninstalling and rebooting did.  Shortly thereafter, I discovered a listed incompatibility between sophos and these firewall client pieces.

The fix was to uninstall the firewall clients, and then reinstall Sophos manually from the workstation.  Re-deploying via the console did not work.  I used Spiceworks to determine all of the workstations that had the firewall clients installed and then used WMI to remotely uninstall all of them.  Then I emailed a Sophos reinstall link to the affected users.  After the Sophos reinstall, a reboot was required to get Lync to start again. Using WMI to remotely uninstall is very handy!  As a workaround, I created a group on our Sonicwall the allows direct internet access to the users who need it.

/failfast:on /node:@"c:\computers.txt" product where name="Software Name" call uninstall /nointeractive

See this spiceworks post for more information about using WMI to uninstall remotely.