I would suggest you to make sure that while using HTTP SPNEGO, the http requests from the browser must contain the Fully Qualified Domain Name:
In order to authenticate into VDP server, HTTP/<FQDN> must be the Service Principal Name defined in VDP server. The beginning of the requested URLs must follow the pattern http://www.<FQDN> or http://<FQDN> so the browser requests a Kerberos ticket for HTTP/<FQDN>.
Additionally, you can enable Kerberos debug mode to resolve the issue. For enabling Kerberos in Northbound connections, you can follow the steps 1 through 4 in the knowledge base article [Kerberos configuration and troubleshooting](https://community.denodo.com/kb/view/document/Kerberos%20configuration%20and%20troubleshooting?category=Security) under the section, Kerberos debug mode.
Also, if you are a customer with a valid support account, you can open a support case at support.denodo.com.
Hope this helps!