diff --git a/src/common/dpp.c b/src/common/dpp.c
index 3893bb9cc..634010eb7 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -3895,16 +3895,15 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 	int ap;
 
 	if (dpp_check_attrs(attr_start, attr_len) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Invalid attribute in config request");
+		dpp_auth_fail(auth, "Invalid attribute in config request");
 		return NULL;
 	}
 
 	wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
 				    &wrapped_data_len);
 	if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing or invalid required Wrapped data attribute");
+		dpp_auth_fail(auth,
+			      "Missing or invalid required Wrapped Data attribute");
 		return NULL;
 	}
 
@@ -3917,15 +3916,14 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
 			    wrapped_data, wrapped_data_len,
 			    0, NULL, NULL, unwrapped) < 0) {
-		wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
+		dpp_auth_fail(auth, "AES-SIV decryption failed");
 		goto fail;
 	}
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
 		    unwrapped, unwrapped_len);
 
 	if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Invalid attribute in unwrapped data");
+		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
 		goto fail;
 	}
 
@@ -3933,8 +3931,8 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 			       DPP_ATTR_ENROLLEE_NONCE,
 			       &e_nonce_len);
 	if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing or invalid Enrollee Nonce attribute");
+		dpp_auth_fail(auth,
+			      "Missing or invalid Enrollee Nonce attribute");
 		goto fail;
 	}
 	wpa_hexdump(MSG_DEBUG, "DPP: Enrollee Nonce", e_nonce, e_nonce_len);
@@ -3943,8 +3941,8 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 				   DPP_ATTR_CONFIG_ATTR_OBJ,
 				   &config_attr_len);
 	if (!config_attr) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing or invalid Config Attributes attribute");
+		dpp_auth_fail(auth,
+			      "Missing or invalid Config Attributes attribute");
 		goto fail;
 	}
 	wpa_hexdump_ascii(MSG_DEBUG, "DPP: Config Attributes",
@@ -3952,32 +3950,33 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 
 	root = json_parse((const char *) config_attr, config_attr_len);
 	if (!root) {
-		wpa_printf(MSG_DEBUG, "DPP: Could not parse Config Attributes");
+		dpp_auth_fail(auth, "Could not parse Config Attributes");
 		goto fail;
 	}
 
 	token = json_get_member(root, "name");
 	if (!token || token->type != JSON_STRING) {
-		wpa_printf(MSG_DEBUG, "DPP: No Config Attributes - name");
+		dpp_auth_fail(auth, "No Config Attributes - name");
 		goto fail;
 	}
 	wpa_printf(MSG_DEBUG, "DPP: Enrollee name = '%s'", token->string);
 
 	token = json_get_member(root, "wi-fi_tech");
 	if (!token || token->type != JSON_STRING) {
-		wpa_printf(MSG_DEBUG, "DPP: No Config Attributes - wi-fi_tech");
+		dpp_auth_fail(auth, "No Config Attributes - wi-fi_tech");
 		goto fail;
 	}
 	wpa_printf(MSG_DEBUG, "DPP: wi-fi_tech = '%s'", token->string);
 	if (os_strcmp(token->string, "infra") != 0) {
 		wpa_printf(MSG_DEBUG, "DPP: Unsupported wi-fi_tech '%s'",
 			   token->string);
+		dpp_auth_fail(auth, "Unsupported wi-fi_tech");
 		goto fail;
 	}
 
 	token = json_get_member(root, "netRole");
 	if (!token || token->type != JSON_STRING) {
-		wpa_printf(MSG_DEBUG, "DPP: No Config Attributes - netRole");
+		dpp_auth_fail(auth, "No Config Attributes - netRole");
 		goto fail;
 	}
 	wpa_printf(MSG_DEBUG, "DPP: netRole = '%s'", token->string);
@@ -3988,6 +3987,7 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 	} else {
 		wpa_printf(MSG_DEBUG, "DPP: Unsupported netRole '%s'",
 			   token->string);
+		dpp_auth_fail(auth, "Unsupported netRole");
 		goto fail;
 	}
 
@@ -4685,38 +4685,37 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth,
 	if (!root)
 		return -1;
 	if (root->type != JSON_OBJECT) {
-		wpa_printf(MSG_DEBUG, "DPP: JSON root is not an object");
+		dpp_auth_fail(auth, "JSON root is not an object");
 		goto fail;
 	}
 
 	token = json_get_member(root, "wi-fi_tech");
 	if (!token || token->type != JSON_STRING) {
-		wpa_printf(MSG_DEBUG, "DPP: No wi-fi_tech string value found");
+		dpp_auth_fail(auth, "No wi-fi_tech string value found");
 		goto fail;
 	}
 	if (os_strcmp(token->string, "infra") != 0) {
 		wpa_printf(MSG_DEBUG, "DPP: Unsupported wi-fi_tech value: '%s'",
 			   token->string);
+		dpp_auth_fail(auth, "Unsupported wi-fi_tech value");
 		goto fail;
 	}
 
 	discovery = json_get_member(root, "discovery");
 	if (!discovery || discovery->type != JSON_OBJECT) {
-		wpa_printf(MSG_DEBUG, "DPP: No discovery object in JSON");
+		dpp_auth_fail(auth, "No discovery object in JSON");
 		goto fail;
 	}
 
 	token = json_get_member(discovery, "ssid");
 	if (!token || token->type != JSON_STRING) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No discovery::ssid string value found");
+		dpp_auth_fail(auth, "No discovery::ssid string value found");
 		goto fail;
 	}
 	wpa_hexdump_ascii(MSG_DEBUG, "DPP: discovery::ssid",
 			  token->string, os_strlen(token->string));
 	if (os_strlen(token->string) > SSID_MAX_LEN) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Too long discovery::ssid string value");
+		dpp_auth_fail(auth, "Too long discovery::ssid string value");
 		goto fail;
 	}
 	auth->ssid_len = os_strlen(token->string);
@@ -4724,14 +4723,13 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth,
 
 	cred = json_get_member(root, "cred");
 	if (!cred || cred->type != JSON_OBJECT) {
-		wpa_printf(MSG_DEBUG, "DPP: No cred object in JSON");
+		dpp_auth_fail(auth, "No cred object in JSON");
 		goto fail;
 	}
 
 	token = json_get_member(cred, "akm");
 	if (!token || token->type != JSON_STRING) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: No cred::akm string value found");
+		dpp_auth_fail(auth, "No cred::akm string value found");
 		goto fail;
 	}
 	if (os_strcmp(token->string, "psk") == 0) {
@@ -4743,6 +4741,7 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth,
 	} else {
 		wpa_printf(MSG_DEBUG, "DPP: Unsupported akm: %s",
 			   token->string);
+		dpp_auth_fail(auth, "Unsupported akm");
 		goto fail;
 	}
 
@@ -4766,8 +4765,7 @@ int dpp_conf_resp_rx(struct dpp_authentication *auth,
 	int ret = -1;
 
 	if (dpp_check_attrs(wpabuf_head(resp), wpabuf_len(resp)) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Invalid attribute in config response");
+		dpp_auth_fail(auth, "Invalid attribute in config response");
 		return -1;
 	}
 
@@ -4775,8 +4773,8 @@ int dpp_conf_resp_rx(struct dpp_authentication *auth,
 				    DPP_ATTR_WRAPPED_DATA,
 				    &wrapped_data_len);
 	if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing or invalid required Wrapped data attribute");
+		dpp_auth_fail(auth,
+			      "Missing or invalid required Wrapped Data attribute");
 		return -1;
 	}
 
@@ -4794,15 +4792,14 @@ int dpp_conf_resp_rx(struct dpp_authentication *auth,
 	if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
 			    wrapped_data, wrapped_data_len,
 			    1, addr, len, unwrapped) < 0) {
-		wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
+		dpp_auth_fail(auth, "AES-SIV decryption failed");
 		goto fail;
 	}
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
 		    unwrapped, unwrapped_len);
 
 	if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Invalid attribute in unwrapped data");
+		dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
 		goto fail;
 	}
 
@@ -4810,34 +4807,34 @@ int dpp_conf_resp_rx(struct dpp_authentication *auth,
 			       DPP_ATTR_ENROLLEE_NONCE,
 			       &e_nonce_len);
 	if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing or invalid Enrollee Nonce attribute");
+		dpp_auth_fail(auth,
+			      "Missing or invalid Enrollee Nonce attribute");
 		goto fail;
 	}
 	wpa_hexdump(MSG_DEBUG, "DPP: Enrollee Nonce", e_nonce, e_nonce_len);
 	if (os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) {
-		wpa_printf(MSG_DEBUG, "Enrollee Nonce mismatch");
+		dpp_auth_fail(auth, "Enrollee Nonce mismatch");
 		goto fail;
 	}
 
 	status = dpp_get_attr(wpabuf_head(resp), wpabuf_len(resp),
 			      DPP_ATTR_STATUS, &status_len);
 	if (!status || status_len < 1) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing or invalid required DPP Status attribute");
+		dpp_auth_fail(auth,
+			      "Missing or invalid required DPP Status attribute");
 		goto fail;
 	}
 	wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]);
 	if (status[0] != DPP_STATUS_OK) {
-		wpa_printf(MSG_DEBUG, "DPP: Configuration failed");
+		dpp_auth_fail(auth, "Configurator rejected configuration");
 		goto fail;
 	}
 
 	conf_obj = dpp_get_attr(unwrapped, unwrapped_len,
 				DPP_ATTR_CONFIG_OBJ, &conf_obj_len);
 	if (!conf_obj) {
-		wpa_printf(MSG_DEBUG,
-			   "DPP: Missing required Configuration Object attribute");
+		dpp_auth_fail(auth,
+			      "Missing required Configuration Object attribute");
 		goto fail;
 	}
 	wpa_hexdump_ascii(MSG_DEBUG, "DPP: configurationObject JSON",