Typical issue here is the content access account and the DisableLoopback setting in the registery as per https://social.technet.microsoft.com/wiki/contents/articles/25863.access-is-denied-verify-that-either-the-default-content-access-account-has-access-to-this-repository-or-add-a-crawl-rule-to-crawl-this-repository.aspx
This did not solve it for us. Our environment is a full intranet and users login\authenticate via AD. To prevent auth popups on the site we add the intranet sites to the intranet zone on IE settings.
If you have the issue as per above make sure that the sites are added to the intranet zone on your CRAWL server as well; which fixed it for us