Friday, 11 May 2012

SSO Bluecoat

I see "nt authority\anonymous logon" and machine names (names that end with a dollar sign, $) instead of proper user names.

This happens because some software clients or update agents use the Internet at a time when the machine and/or the AD is unable to identify the proper user.

Solution:

1. BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials. To fix the problem, add NT AUTHORITY\ANONYMOUS LOGON to the [SSOServiceUsers] section of sso.ini. This causes BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.

From:

    [SSOServiceUsers]
    ; Standard Windows service users
    NetShowServices

To:

    [SSOServiceUsers]
    ; Standard Windows service users
    NetShowServices
    NT AUTHORITY\ANONYMOUS LOGON

2. Management Console -> Configuration -> Policy -> Policy Files -> Local Policy -> Text editor -> Install

    define condition IWA_SILENT_USERS
        user.regex='.+\$$'
        user='NT AUTHORITY\anonymous logon'
    end condition

    authenticate(IWA_Server) authenticate.mode(proxy-ip)
    ALLOW group=ProxyUsers realm=IWA_Server
    deny.unauthorized condition=IWA_SILENT_USERS

Note: IWA_Server above MUST be changed to the local name of the IWA realm that is configured on your proxy. A quick way to find it is to go to Management Console -> Configuration -> Authentication -> Realms, select the realm that you are using, and replace IWA_Server above with that name.
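Before installing the policy, it helps to know which clients would match IWA_SILENT_USERS. The following Python is an added example, not part of the original post or of any Blue Coat tooling: it applies the same two tests (the `.+\$$` pattern and the anonymous logon name) to user names and counts silent requests per client. The tab-separated log records are constructed sample data, not the proxy's access-log format, and the case-insensitive comparison is an assumption.

```python
import re
from collections import Counter

# Same pattern as user.regex in IWA_SILENT_USERS: any name ending in "$".
MACHINE_ACCOUNT = re.compile(r'.+\$$')
ANONYMOUS = 'nt authority\\anonymous logon'


def classify(user):
    """Return 'anonymous', 'machine' or 'user' for a reported user name."""
    name = user.strip()
    # Assumption: compare the anonymous account case-insensitively, since the
    # name is written with different casing in sso.ini and in the policy.
    if name.lower() == ANONYMOUS:
        return 'anonymous'
    if MACHINE_ACCOUNT.search(name):
        return 'machine'
    return 'user'


# Constructed sample records: client IP, reported user, URL (tab-separated).
SAMPLE_LOG = "\n".join([
    "10.0.0.21\tCORP\\alice\thttp://intranet.example/",
    "10.0.0.21\tCORP\\WS-021$\thttp://update.example/agent",
    "10.0.0.21\tCORP\\WS-021$\thttp://update.example/agent",
    "10.0.0.35\tNT AUTHORITY\\ANONYMOUS LOGON\thttp://update.example/check",
    "10.0.0.35\tCORP\\bob\thttp://example.org/",
    "10.0.0.40\tnt authority\\anonymous logon\thttp://update.example/check",
    "10.0.0.50\tCORP\\pay$roll\thttp://example.org/",  # "$" not at the end
])


def silent_sources(log_text):
    """Count silent (anonymous or machine-account) requests per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, user, _url = line.split('\t')
        kind = classify(user)
        if kind != 'user':
            counts[(ip, kind)] += 1
    return counts


if __name__ == '__main__':
    for (ip, kind), n in sorted(silent_sources(SAMPLE_LOG).items()):
        print(f"{ip}\t{kind}\t{n}")
```

A name such as `CORP\pay$roll` is treated as a normal user because the pattern only matches a dollar sign at the end of the name.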
