diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 792146ea..3559c1f8 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -212,6 +212,7 @@ static int _try_token_pin_unlock(struct crypt_device *cd,
 		crypt_safe_free(pin);
 		pin = NULL;
 		tools_keyslot_msg(r, UNLOCKED);
+		tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), true);
 		check_signal(&r);
 	} while (r == -ENOANO && (--tries > 0));
 
@@ -796,6 +797,7 @@ static int action_resize(void)
 						ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL,
 						CRYPT_ACTIVATE_KEYRING_KEY);
 		tools_keyslot_msg(r, UNLOCKED);
+		tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false);
 
 		/* Token requires PIN, but ask only if there is no password query later */
 		if (ARG_SET(OPT_TOKEN_ONLY_ID) && r == -ENOANO)
@@ -1580,6 +1582,7 @@ static int action_open_luks(void)
 		r = crypt_activate_by_token_pin(cd, activated_name, ARG_STR(OPT_TOKEN_TYPE_ID),
 						ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL, activate_flags);
 		tools_keyslot_msg(r, UNLOCKED);
+		tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false);
 
 		/* Token requires PIN, but ask only if there is no password query later */
 		if (ARG_SET(OPT_TOKEN_ONLY_ID) && r == -ENOANO)
diff --git a/src/cryptsetup.h b/src/cryptsetup.h
index 65bab7eb..31455208 100644
--- a/src/cryptsetup.h
+++ b/src/cryptsetup.h
@@ -72,6 +72,7 @@ int translate_errno(int r);
 typedef enum { CREATED, UNLOCKED, REMOVED  } crypt_object_op;
 void tools_keyslot_msg(int keyslot, crypt_object_op op);
 void tools_token_msg(int token, crypt_object_op op);
+void tools_token_error_msg(int error, const char *type, int token, bool pin_provided);
 
 extern volatile int quit;
 void set_int_block(int block);
diff --git a/src/utils_tools.c b/src/utils_tools.c
index a5c3a6b2..dbd83695 100644
--- a/src/utils_tools.c
+++ b/src/utils_tools.c
@@ -271,6 +271,36 @@ void tools_token_msg(int token, crypt_object_op op)
 		log_verbose(_("Token %i removed."), token);
 }
 
+void tools_token_error_msg(int error, const char *type, int token, bool pin_provided)
+{
+	if (error >= 0)
+		return;
+
+	if (error == -ENOANO) {
+		if (pin_provided)
+			log_verbose(_("No token could be unlocked with this PIN."));
+		else if (token != CRYPT_ANY_TOKEN)
+			log_verbose(_("Token %i requires PIN."), token);
+		else if (type)
+			log_verbose(_("Token (type %s) requires PIN."), type);
+	} else if (error == -EPERM) {
+		if (token != CRYPT_ANY_TOKEN)
+			log_verbose(_("Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."), token);
+		else if (type)
+			log_verbose(_("Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."), type);
+	} if (error == -EAGAIN) {
+		if (token != CRYPT_ANY_TOKEN)
+			log_verbose(_("Token %i requires additional missing resource."), token);
+		else if (type)
+			log_verbose(_("Token (type %s) requires additional missing resource."), type);
+	} if (error == -ENOENT) {
+		if (type)
+			log_verbose(_("No usable token (type %s) is available."), type);
+		else
+			log_verbose(_("No usable token is available."));
+	}
+}
+
 /*
  * Device size string parsing, suffixes:
  * s|S - 512 bytes sectors