User logon information is not being passed to the Symantec Web Gateway, so policies that are applied based on a user's logon information do not work.
On Windows 2008, DCInterface treats Event ID 4768 (A Kerberos authentication ticket (TGT) was requested) as a logon event. It then uses the associated Event ID 4624 (An account was successfully logged on) to obtain additional information, such as the IP address of the user's computer.
Ensure that "Audit Account logon events" is enabled in Domain Security Policy > Security Settings > Local Policies > Audit Policy.
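To confirm that the audit policy is actually producing the two events DCInterface reads, the following check can be run on the domain controller. It is an added example, not part of the original article or of Symantec's tooling; the `$Minutes` look-back window is an assumed value, and the session must be elevated to read the Security log.

```powershell
# Added diagnostic: run in an elevated PowerShell session on the domain controller.
# $Minutes is an assumed look-back window; set it to cover a recent test logon.
$Minutes = 30
$since   = (Get-Date).AddMinutes(-$Minutes)

# Effective audit settings for the "Account Logon" category.
auditpol /get /category:"Account Logon"

# Pull Event IDs 4768 and 4624 from the Security log; no match is not an error here.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4768, 4624; StartTime = $since
} -ErrorAction SilentlyContinue

# Flatten each event's EventData into the user and IP address fields.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    New-Object PSObject -Property @{
        Time = $e.TimeCreated
        Id   = $e.Id
        User = $data['TargetUserName']
        IP   = $data['IpAddress']
    }
}

# Report per event ID: missing events point at the audit policy.
foreach ($id in 4768, 4624) {
    $hits = @($rows | Where-Object { $_.Id -eq $id })
    if ($hits.Count -eq 0) {
        Write-Warning "No Event ID $id in the last $Minutes minutes; check the audit policy."
    } else {
        $withIp = @($hits | Where-Object { $_.IP -and $_.IP -ne '-' }).Count
        "Event ID {0}: {1} events, {2} with a source IP" -f $id, $hits.Count, $withIp
    }
}

# Most recent entries, to confirm a known test user appears with the expected address.
$rows | Sort-Object Time -Descending | Select-Object Time, Id, User, IP -First 10 |
    Format-Table -AutoSize
```

If Event ID 4768 is missing while 4624 is present, Kerberos authentication auditing is the setting to check.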
In addition, if Kerberos Authentication logging is disabled, DCInterface is unable to identify logon events. The following Advanced Security Auditing options need to be set to "Enabled" or "Not Configured" for DCInterface to be able to work: