Installing the NAV 2009 middle tier on an existing CRM server using a multi-server approach can cause some issues in regards to the SQL server security.
When your NAV 2009 service tier is running on a different computer than the SQL server, you must enable the Object Change Listener (http://msdn.microsoft.com/en-us/library/dd568739.aspx)
In my case, I was using the Network Service account to run my NAV services, which means I had to set the Machine name in all the stored procedures required for the setup.
Doing so seemed to mess up my CRM installation. My computer account was still a member of the standard SQLAccessGroup and the PrivUserGroup, but all of a sudden I ran into the following errors when opening CRM.
Exception message: Cannot open database “CRMTest_MSCRM” requested by the login. The login failed.
Login failed for user ‘DOMAIN\COMPUTERNAME$’.
Exception message: The SELECT permission was denied on the object ‘ConfigurationMetadata’, database ‘MSCRM_CONFIG’, schema ‘dbo’.
It seemed that adding this computer account to the SQL security overruled the group security set in SQL.
To solve this I just set the same user mappings on my Computer account than on the SQL Access Group, which is public and db_owner on the MSCRM_CONFIG and CRM organization database as shown below.
I could have also set the NAV services to run as a dedicated domain user account.
Don’t think it would have caused any problems setting it up in such a way J