Have you ever heard the phrase 'There is method in madness'?, I'm sure you have. Have you experienced it? I did recently when attempting to give 'NT AUTHORITY\ANONYMOUS LOGON' access to the Set Object Permission to a Business Data Connectivity (BDC) service on SharePoint 2013 Central Administration.

 

Description:

A recent task required me to give 'NT AUTHORITY\ANONYMOUS LOGON' access to a BDC service on our SharePoint 2013 environment. At first I wasn't able to do so. We have a SharePoint 2013, three tier environment setup on Windows 2012 servers and SQL 2012. Our servers have been patched up to the August 2013 CU

 

How and where I experienced the error:

Adding users to BDC's connections is simple.

1. You go to your Central Administration.

2. Under Service Applications, click on Manage Service Application:


3.  Go to your Business Data Connectivity Service Application. Select a Connectivity and click on Set Object Permissions.
 


4. 
Type in 'NT Authority\Anonymous Logon' and hit Enter. The account is confirmed as shown below.


 

5. Now hit Enter or click Add. Below is what you will most probably get.


 

Things I tried that didn't work:

So when we run into an issue what do we do?  'We Bing or Google' since this is a Microsoft related issue, I Binged more than Googled.

At first I came across several articles which spoke about everything and anything you need for BCS except the one I need. Finally, I stumbled upon the below article:

http://www.dontpapanic.com/blog/?p=131

In this article, the author Paul Papanek talks about editing BDC Model's XML file to make add the Anonymous logon account. I must point out that this article was written for SharePoint 2010 and the steps didn't work for me in SharePoint 2013.

 

Accidental discovery that worked:

Below are the steps I tried which worked for me. I am not kidding when I state that this was an accidental discovery. Here is what I did-

  1. I went back to the same BDC service application mentioned above and typed in the name NT Authority\Anonymous Logon.
  2. I didn't hit the enter button, but instead clicked the Add button TWICE in quick succession.

 
Clicking the Add button twice confirmed that the NT Authority\Anonymous Logon is a legitimate account and will also add it without any errors.



Video demo:

 

Below is a short video of me demonstrating the error and the click twice approach. In the video, I have already selected a random BDC and am attempting to add the NT Authority\Anonymous Logon account. I purposely increased the microphone volume so that you can hear hit the Enter button and/or click on the mouse key. In the video I tried three different times to add the NT Authority\Anonymous Logon account.

  1. Simply type the account name and hit enter,
  2. Type the account name and hit enter twice,
  3. Type the  account name and hit the Add button twice in quick succession.




Conclusion:

I'm quite sure that this isn't the only way to resolve this issue, however, it worked for me and perhaps it might work for someone else as well.