You see the NT AUTHORITY\ANONYMOUS LOGON username in the access logs
You see NT AUTHORITY\ANONYMOUS LOGON in the policy trace
BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials.
This problem can be fixed by adding to the [SSOServiceUsers] section of sso.ini. This will cause BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.
From:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices
To:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices
NT AUTHORITY\ANONYMOUS LOGON
Note : Please make sure there are no spaces or blank characters after NT AUTHORITY\ANONYMOUS LOGON on the last line from the example below.