We recently developed a Visual Web Part which was using OrganizationService to interact with CRM.
We were initially using Network Credentials for OrganizationService and were setting appropriate username, password and domain. Later we changed it to Default Credentials and set the AppPool identity of the SharePoint portal’s app pool to a CRM User with appropriate access. It was then we started getting this error.
The reason was SharePoint web configuration settings has Identity Impersonation set as true.
If impersonation is set as true, then IIS uses the ‘NT AUTHORITY\IUSR’ but if disabled IIS will run under whatever account been set in the identity pool.
So one way of fixing the issue was setting impersonation as false.
Hope it helps.