man thinking

The changes cannot be saved to the system definition, because the entered connection properties contain invalid values.

‚ÄčRevertToSelf, so named because of the method call used to implement it, is an authentication method in which the identity of the process running BCS is used to access the back-end system (usually a database such as SQL Server). It is also known as "BDC Identity" in the dialogs of SharePoint Designer. This allows you to use the trusted subsystem model of authentication against a back-end system.

Whether you should do this at all on a production server is perhaps another matter for security experts to debate. Anyway, for whatever reason, that is what you are trying to do. Seems simple enough - what could possibly go wrong?

I turns out this is disabled by default (are they trying to tell you something?). To enable it, you need to do a bit of work with PowerShell on the server, thus:

$bdc = Get-SPServiceApplication | where {$_ -match "Business Data Connectivity"}
$bdc.RevertToSelfAllowed = $true