diff --git a/weed/iam/sts/session_claims.go b/weed/iam/sts/session_claims.go
index a44247daf..b57075bb4 100644
--- a/weed/iam/sts/session_claims.go
+++ b/weed/iam/sts/session_claims.go
@@ -1,9 +1,11 @@
 package sts
 
 import (
+	"fmt"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
+	"github.com/seaweedfs/seaweedfs/weed/glog"
 )
 
 // defaultCredentialGenerator is a reusable instance for generating temporary credentials
@@ -72,8 +74,10 @@ func (c *STSSessionClaims) ToSessionInfo() *SessionInfo {
 	// This is deterministic based on the session ID, so the same credentials are regenerated
 	credentials, err := defaultCredentialGenerator.GenerateTemporaryCredentials(c.SessionId, expiresAt)
 	if err != nil {
-		// If credential generation fails, return session info without credentials
-		// The validation code will catch this as invalid credentials
+		// Log the error with context - credential generation failure is important for debugging
+		errMsg := fmt.Errorf("generate temporary credentials for session %s: %w", c.SessionId, err)
+		glog.Warningf("Failed to generate credentials for STS session: %v", errMsg)
+		// Return session info without credentials - validation will catch this as invalid
 		credentials = nil
 	}
 
diff --git a/weed/s3api/auth_signature_v4.go b/weed/s3api/auth_signature_v4.go
index f769a1d39..18367aa81 100644
--- a/weed/s3api/auth_signature_v4.go
+++ b/weed/s3api/auth_signature_v4.go
@@ -234,11 +234,6 @@ func (iam *IdentityAccessManagement) verifyV4Signature(r *http.Request, shouldCh
 			glog.Warningf("InvalidAccessKeyId: attempted key '%s' not found. Available keys: %d, Auth enabled: %v",
 				authInfo.AccessKey, len(availableKeys), iam.isAuthEnabled)
 
-			if glog.V(2) && len(availableKeys) > 0 {
-				glog.V(2).Infof("Available access keys: %v", availableKeys)
-			}
-
-			return nil, nil, "", nil, s3err.ErrInvalidAccessKeyID
 		}
 
 		// Check service account expiration