Belajar Bluecoat - NT AUTHORITY\ANONYMOUS LOGON in Bluecoat Proxy SG

I see "nt authority\anonymous logon" and machine names (names that end with a dollar sign $) instead of proper user names.

This happens because some software clients or update agents use the Internet at a time when the machine and/or the AD is unable to identify the proper user

Solution :
1. BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials.

This problem can be fixed by adding to the [SSOServiceUsers] section of sso.ini. This will cause BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.

From:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices

To:
[SSOServiceUsers]
; Standared Windows service users
NetShowServices
NT AUTHORITY\ANONYMOUS LOGON

2. Management Console->Configuration->Policy->Policy Files->Local Policy->Text editor->Install


define condition IWA_SILENT_USERS
user.regex='.+\$$'
user='NT AUTHORITY\anonymous logon'
end condition
authenticate(IWA_Server) authenticate.mode(proxy-ip)
ALLOW group=ProxyUsers
realm=IWA_Server deny.unauthorized condition=IWA_SILENT_USERS


Note: IWA_Server above MUST be changed to your local name of IWA server that is configured in your proxy. A quick way to find out is by going to your management console->configuration->authentication->realms-> and select the name of the realm that you are using and replace the IWA_Server above with that name