I have installed the appliance (zca- for a proof of concept and it works fine so far on vSphere 5u1 and I setup a single domain with LDAP auth against AD with no problems.

I attempted to follow the instructions in the admin guide to enable SPNEGO authentication - we use Kerberos a lot on Windows/Linux workstations. However I now get an Internal Server Error ERROR 500 in the browser when logging in.

I then tried to enable the debugging options suggested in the guide. The details are a bit vague in the docs but it seems I should put this in /opt/zimbra/conf/localconfig.xml

<key name="spnego_java_options">
    <value>"-DDEBUG=true -Dsun.security.spnego.debug=all"</value>
and add a line to /opt/zimbra/conf/log4j.properties.in (the docs say without the .in but that file is generated at the service start up and overwritten)

The localconfig change causes the Zimbra system to fail to start up. The extra logging seems to cause this:

2012-09-20 10:48:57.061:WARN:oejs.ServletHandler:/
        at org.eclipse.jetty.server.Response.sendRedirect(Response.java:450)
        at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
        at org.eclipse.jetty.http.gzip.GzipResponseWrapper.sendRedirect(GzipResponseWrapper.java:306)
        at org.apache.taglibs.standard.tag.common.core.RedirectSupport.doEndTag(RedirectSupport.java:148)
        at org.apache.jsp.public_.login_jsp._jspx_meth_c_redirect_7(login_jsp.java:3212)
        at org.apache.jsp.public_.login_jsp._jspx_meth_c_if_19(login_jsp.java:3171)
I have double checked the settings using zmprov and they all look correct against the doc examples.

I'd be grateful for some directions on getting this working.