Our environment is:
- Windows 2003 Servers: Zesm 4.1ir1 on MCS, PDS
- Netware servers: Edir, NDS and ZFD7
- Clients: Windows XP SP3, NWCL491SP5ir1 and Zesm 4.1ir1

Formerly, when we had the older NWCL491 and Zesm 3.5, clients (user-based, managed policy, Edir-tree) had to log in to the ZESm loginbox with the user's FDQN, comma separated! This is in contrast to what is mentioned in the Novell documentation.
Then we upgraded to version 4.1ir1 on the servers. The active clients with the 3.5 version still have to log in with the user's FDQN, comma separated. This we can understand.
Now we're building a new laptop image, with NWCL4.91SP5ir1 and Zesm 4.1ir1, and we were hoping that single signon would be the solution for the pain of new users.
Unfortunately Single Signon doesn't work. After logging in at the NWCL box, it takes about 1 minute, then the Zesm loginbox appears with the short username. The only way to get through this Zesm loginbox is overwriting the short username with the FDQN username (with comma) and filling in its password. Then the Zesm aboutbox shows things are okay.
(On the ESM server we also have to use the FDQN to start the ESM console.)

So why is Single Signon still not working on the clients, and why FDQN with comma?
Does someone have a suggestion?

Thanks in advance.