You are configuring Symantec Web Gateway 5.x to integrate it with your Microsoft Active Directory and using NTLM as your Authentication method. When you press the button NTLM (HTTP 407) to test it out you get the error below:

 Error: An error occurred while contacting the domain controller: 255 Could not initialise lsa pipe net_rpc_join_ok: failed to get schannel session key / Error was NT_STATUS_ACCESS_DENIED
 

Note: 407 NTLM authentication is only available when you enable the Symantec Web Gateway HTTP/HTTPS proxy.

Error: An error occurred while contacting the domain controller: 255 Could not initialise lsa pipe net_rpc_join_ok: failed to get schannel session key / Error was NT_STATUS_ACCESS_DENIED

The Domain Controller you have configured in  Administration -> Configuration -> Authentication -> NTLM  Configuration has not the correct LAN Manager Authentication Level.

Follow these steps to change it to the correct one:

 1) Go to the Domain Controller you configured in the Authentication tab in the Symantec Web Gateway and open the Start -> Programs -> Administrative Tools -> Domain Controller Security Settings

 2) Go to Local Policies -> Security Options -> Network Security: LAN Manager Authentication Level and change it to
  Send LM &NTLM - use NTLMv2 session security if negotiated

 3) Go back to the Symantec Web Gateway and test the NTLM 407 Authentication protocol in Adminsitration -> Configuration -> Authentication