diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index b6b75fcfd..f0a1e2458 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -7,17 +7,39 @@ class Epp::SessionsController < EppController
 # rubocop: disable Metrics/PerceivedComplexity
 # rubocop: disable Metrics/CyclomaticComplexity
+ # rubocop: disable Metrics/MethodLength
 def login
- cert_valid = true
+ success = true
 @api_user = ApiUser.find_by(login_params)
 if request.ip != ENV['webclient_ip'] && @api_user
 unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
- cert_valid = false
+ @msg = 'Authentication error; server closing connection (certificate is not valid)'
+ success = false
 end
 end
- if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?
+ if success && !@api_user
+ @msg = 'Authentication error; server closing connection (API user not found)'
+ success = false
+ end
+
+ if success && !@api_user.try(:active)
+ @msg = 'Authentication error; server closing connection (API user is not active)'
+ success = false
+ end
+
+ if success && !ip_white?
+ @msg = 'Authentication error; server closing connection (IP is not whitelisted)'
+ success = false
+ end
+
+ if success && !connection_limit_ok?
+ @msg = 'Authentication error; server closing connection (connection limit reached)'
+ success = false
+ end
+
+ if success
 if parsed_frame.css('newPW').first
 unless @api_user.update(password: parsed_frame.css('newPW').first.text)
 response.headers['X-EPP-Returncode'] = '2200'
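Review bot: The four new `@msg` strings in `login` turn what the specs show was a uniform 2501 'Authentication error; server closing connection' into a per-cause oracle: an unauthenticated client can now distinguish 'API user not found' from 'API user is not active' from 'IP is not whitelisted', which is account-enumeration and reconnaissance material on what is presumably a network-reachable EPP endpoint. The certificate branch is the least sensitive of the four because it only runs once `@api_user` has been found; the account-state and whitelist branches are the problem. I would keep the specific reason for operators, e.g. `logger.info('EPP login rejected: API user not found')` at each branch, and send the client a single `@msg = 'Authentication error; server closing connection'`, which also keeps the spec expectations in this commit from pinning enumerable text. Separately, the earlier `t('ip_is_not_whitelisted')` / `t('connection_limit_reached')` lookups are replaced by hard-coded English literals, so these messages no longer go through the locale files. The body of `login` continues past the end of the hunk.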
@@ -33,14 +55,12 @@ class Epp::SessionsController < EppController
 render_epp_response('login_fail')
 end
 end
+ # rubocop: enable Metrics/MethodLength
 def ip_white?
 return true if request.ip == ENV['webclient_ip']
 if @api_user
- unless @api_user.registrar.api_ip_white?(request.ip)
- @msg = t('ip_is_not_whitelisted')
- return false
- end
+ return false unless @api_user.registrar.api_ip_white?(request.ip)
 end
 true
 end
@@ -51,10 +71,7 @@ class Epp::SessionsController < EppController
 'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
 ).count
- if c >= 4
- @msg = t('connection_limit_reached')
- return false
- end
+ return false if c >= 4
 true
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6864c37c8..ede57ad79 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -807,10 +807,8 @@ en:
 domain_delete_confirmed_body: 'You have successfully submitted delete confirmation. You will receive registry final confirmation to email.'
 domain_delete_rejected_title: 'Domain deletion has been rejected successfully'
 domain_delete_rejected_body: 'You have rejected domain deletion.'
- ip_is_not_whitelisted: 'IP is not whitelisted'
 no_permission: 'No permission'
 access_denied: 'Access denied'
- connection_limit_reached: 'Connection limit reached'
 common_name: 'Common name'
 md5: 'Md5'
 interface: 'Interface'
@@ -834,3 +832,4 @@ en:
 create_bank_statement: 'Create bank statement'
 create_bank_transaction: 'Create bank transaction'
 create_new_invoice: 'Create new invoice'
+ ip_is_not_whitelisted: 'IP is not whitelisted'
diff --git a/spec/epp/session_spec.rb b/spec/epp/session_spec.rb
index b1ad5d136..e0a7c6dfd 100644
--- a/spec/epp/session_spec.rb
+++ b/spec/epp/session_spec.rb
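Review bot: `ip_white?` still returns `true` when `@api_user` is nil — the `if @api_user` guard skips the registrar check and the method falls through to the trailing `true`, so an access predicate fails open on missing state. `login` now tests `!@api_user` before it gets here, so the caller in this commit is covered, but a guard named `*_white?` should not grant on nil; `return false unless @api_user` in place of the `if @api_user` wrapper (leaving `return false unless @api_user.registrar.api_ip_white?(request.ip)` on its own) closes that and shortens the method. Any other callers that relied on the nil-permissive result would need checking before changing it.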
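Review bot: `return false if c >= 4` leaves the limit in `connection_limit_ok?` as a bare literal, and with the explanatory `@msg` text now produced in `login` nothing in this method says what 4 is; the `5.minutes` window on the query line above (the `where(` that opens that query is above the hunk) is inline in the same way. A class-level constant, `CONNECTION_LIMIT = 4` with `return false if c >= CONNECTION_LIMIT`, plus a one-line comment at the method such as `# presumably caps rows per registrar_id updated in the last 5 minutes — confirm against the queried model`, would make the policy readable and tunable in one place.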
@@ -25,7 +25,7 @@ describe 'EPP Session', epp: true do
 it 'does not log in with invalid user' do
 wrong_user = @epp_xml.session.login(clID: { value: 'wrong-user' }, pw: { value: 'ghyt9e4fu' })
 response = epp_plain_request(wrong_user)
- response[:msg].should == 'Authentication error; server closing connection'
+ response[:msg].should == 'Authentication error; server closing connection (API user not found)'
 response[:result_code].should == '2501'
 response[:clTRID].should == 'ABC-12345'
 end
@@ -36,7 +36,7 @@ describe 'EPP Session', epp: true do
 inactive = @epp_xml.session.login(clID: { value: 'inactive-user' }, pw: { value: 'ghyt9e4fu' })
 response = epp_plain_request(inactive)
- response[:msg].should == 'Authentication error; server closing connection'
+ response[:msg].should == 'Authentication error; server closing connection (API user is not active)'
 response[:result_code].should == '2501'
 end
diff --git a/spec/features/registrar/sessions_spec.rb b/spec/features/registrar/sessions_spec.rb
index 5d5f3095a..af68065df 100644
--- a/spec/features/registrar/sessions_spec.rb
+++ b/spec/features/registrar/sessions_spec.rb
@@ -114,7 +114,7 @@ feature 'Sessions', type: :feature do
 fill_in 'user_phone', with: '00007'
 click_button 'Log in'
- page.should have_text('Check your phone for confirmation code')
+ page.should have_text('Confirmation sms was sent to your phone. Verification code is')
 page.should have_text('SIM application error')
 end
@@ -143,7 +143,7 @@ feature 'Sessions', type: :feature do
 fill_in 'user_phone', with: '00007'
 click_button 'Log in'
- page.should have_text('Check your phone for confirmation code')
+ page.should have_text('Confirmation sms was sent to your phone. Verification code is')
 page.should have_text('Welcome!')
 end
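Review bot: The new expectation `page.should have_text('Confirmation sms was sent to your phone. Verification code is')` implies the login page now renders the SMS verification code itself in the HTML response, and the 'Welcome!' scenario passes only if that text appears. If that rendering is not strictly limited to the test environment, the code that is meant to arrive out-of-band is handed back to whoever submitted the password, which collapses the second factor into the first; the view or controller producing this text is not part of this diff, so this needs confirming against it. I would have the spec assert only the user-facing sentence, `'Confirmation sms was sent to your phone'`, and if the code is echoed for tests, gate that at the render site on an explicit environment check with a comment saying why. The enclosing `feature 'Sessions'` block starts outside the hunk.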