diff --git a/base/univention-server/server_password_change b/base/univention-server/server_password_change
index 7ce6be04b3..099718e445 100755
--- a/base/univention-server/server_password_change
+++ b/base/univention-server/server_password_change
@@ -196,7 +196,7 @@ run-parts --verbose --arg localchange --regex '^univention-samba4' -- /usr/lib/u
 # if samba-tool user setpassword fails, reset the old password.
 if [ $? != 0 ]; then
 revert_password_change
- FAIL "resetting old server password for $ldap_hostdn, because samba could not set the new password locally."
+ FAIL "Failed to set new password in samba, machine password set back to old password for $ldap_hostdn."
 fi
 # The password is changed on the master now, but it is not clear if
@@ -218,7 +218,7 @@ do
 # changes that would only worsen the situation. Instead, try to rollback.
 # Reset the old password with UDM and give up.
 revert_password_change
- FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password"
+ FAIL "Access to local LDAP did not work with the new password, machine password set back to old password for $ldap_hostdn."
 fi
 trial_counter=$(( trial_counter - 1))
 done
diff --git a/services/univention-samba4/server_password_change.d/univention-samba4 b/services/univention-samba4/server_password_change.d/univention-samba4
index 9745fe5e44..1275a4c67d 100755
--- a/services/univention-samba4/server_password_change.d/univention-samba4
+++ b/services/univention-samba4/server_password_change.d/univention-samba4
@@ -50,6 +50,7 @@ set_machine_secret() {
 -
 %EOF
 if [ "$?" -ne "0" ]; then
+ echo "ERROR: Storing new password in samba secrets.ldb failed."
 install -m 0600 /etc/krb5.keytab.SAVE /etc/krb5.keytab
 exit 1
 fi
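Review bot: The new FAIL text in the @@ -196 hunk states as fact that the machine password was "set back to old password", but the visible lines call `revert_password_change` and go straight to `FAIL` without looking at its exit status; the second FAIL in the @@ -218 hunk has the same issue. If the rollback itself does not succeed, the log tells the operator the host is back on the old credential while it may actually be in a mixed state. Either test the result, e.g. `revert_password_change || FAIL "Setting the new password failed and reverting to the old password for $ldap_hostdn failed as well."`, or word the message as an attempt rather than a completed action. `revert_password_change` is defined outside these hunks, so it may already abort on failure; that is worth confirming before relying on the new wording.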
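Review bot: The `echo "ERROR: ..."` added in `set_machine_secret` writes to stdout, so the failure notice is mixed with regular output and disappears if a caller captures or discards stdout; `echo "ERROR: Storing new password in samba secrets.ldb failed." >&2` keeps it on the diagnostic stream. The two echo lines added in the following `localchange` hunk follow the same pattern. The message is also printed before `install -m 0600 /etc/krb5.keytab.SAVE /etc/krb5.keytab` runs and nothing reports whether that keytab restore worked, so appending `|| echo "ERROR: Restoring /etc/krb5.keytab failed." >&2` to the install line would make the rollback state visible in the log. The function body starts outside the hunk.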
@@ -63,6 +64,8 @@ if [ "$1" = "localchange" ]; then ## if samba-tool user setpassword fails, revert changes to secrets.ldb and krb5.keytab if [ "$?" -ne "0" ]; then + echo "ERROR: Changing machine password in Samba failed." + echo "INFO: Restoring secrets.ldb and krb5.keytab." old_password=$(tail -n 1 /etc/machine.secret.old | sed -n 's/^[0-9]*: //p') ldbmodify -H /var/lib/samba/private/secrets.ldb <<-%EOF dn: flatname=${windows_domain},cn=Primary Domains