diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index 45854a7b6..09a192e05 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -309,10 +309,14 @@ static BOOL rdg_read_http_unicode_string(wStream* s, const WCHAR** string, UINT1
 {
 	WCHAR* str;
 	UINT16 strLenBytes;
+	size_t rem = Stream_GetRemainingLength(s);
 
 	/* Read length of the string */
-	if (Stream_GetRemainingLength(s) < 4)
+	if (rem < 4)
+	{
+		WLog_ERR(TAG, "[%s]: Could not read stream length, only have % " PRIuz " bytes", rem);
 		return FALSE;
+	}
 	Stream_Read_UINT16(s, strLenBytes);
 
 	/* Remember position of our string */
@@ -320,7 +324,12 @@ static BOOL rdg_read_http_unicode_string(wStream* s, const WCHAR** string, UINT1
 
 	/* seek past the string - if this fails something is wrong */
 	if (!Stream_SafeSeek(s, strLenBytes))
+	{
+		WLog_ERR(TAG,
+		         "[%s]: Could not read stream data, only have % " PRIuz " bytes, expected %" PRIu16,
+		         rem - 4, strLenBytes);
 		return FALSE;
+	}
 
 	/* return the string data (if wanted) */
 	if (string)
@@ -1290,7 +1299,7 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 		/* Seek over tunnelId (4 bytes) */
 		if (!Stream_SafeSeek(s, 4))
 		{
-			WLog_ERR(TAG, "[%s] Short packet %" PRIuz ", expected 4", __FUNCTION__,
+			WLog_ERR(TAG, "[%s] Short tunnelId, got %" PRIuz ", expected 4", __FUNCTION__,
 			         Stream_GetRemainingLength(s));
 			return FALSE;
 		}
@@ -1301,7 +1310,7 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 		UINT32 caps;
 		if (Stream_GetRemainingLength(s) < 4)
 		{
-			WLog_ERR(TAG, "[%s] Short packet %" PRIuz ", expected 4", __FUNCTION__,
+			WLog_ERR(TAG, "[%s] Short capsFlags, got %" PRIuz ", expected 4", __FUNCTION__,
 			         Stream_GetRemainingLength(s));
 			return FALSE;
 		}
@@ -1315,7 +1324,7 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 		/* Seek over nonce (20 bytes) */
 		if (!Stream_SafeSeek(s, 20))
 		{
-			WLog_ERR(TAG, "[%s] Short packet %" PRIuz ", expected 20", __FUNCTION__,
+			WLog_ERR(TAG, "[%s] Short nonce, got %" PRIuz ", expected 20", __FUNCTION__,
 			         Stream_GetRemainingLength(s));
 			return FALSE;
 		}
@@ -1323,7 +1332,7 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 		/* Read serverCert */
 		if (!rdg_read_http_unicode_string(s, NULL, NULL))
 		{
-			WLog_ERR(TAG, "[%s] Failed to read string", __FUNCTION__);
+			WLog_ERR(TAG, "[%s] Failed to read server certificate", __FUNCTION__);
 			return FALSE;
 		}
 	}
@@ -1340,7 +1349,7 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 		/* Read message string and invoke callback */
 		if (!rdg_read_http_unicode_string(s, &msg, &msgLenBytes))
 		{
-			WLog_ERR(TAG, "[%s] Failed to read string", __FUNCTION__);
+			WLog_ERR(TAG, "[%s] Failed to read consent message", __FUNCTION__);
 			return FALSE;
 		}