Customer saw a lot of below Error in Windows Event log.
"AcceptSecurityContext failure, SEC_E_INVALID_TOKEN, ContextLink=0x0 count=0; status=87:0x57:The parameter is incorrect. "
This issue might related to some application sending HTTP request out to the internet. Some applications are not supporting authentication and will be result in authentication fails finally. It happens mostly when proxy gets authentication requests from non NTLM standard user agents and forwards those to BCAAA server.
To improve this, you could follow this KB article 000022005 and apply the cpl code in your local or central policy file (at the end of file).
Finally this will not totally(100%) eliminate those BCAAA errors but would reduce the error.