diff --git a/src/client/ua_client_connect.c b/src/client/ua_client_connect.c
index dd76b57d0ae..2ae21e99992 100644
--- a/src/client/ua_client_connect.c
+++ b/src/client/ua_client_connect.c
@@ -928,9 +928,12 @@ responseGetEndpoints(UA_Client *client, void *userdata,
             continue;
         }
 
-        /* We have found a matching endpoint.
-         * But maybe not a amtching user token policy. */
-        bestEndpointIndex = i;
+        /* We have found a matching endpoint. Do we need a matching user token
+         * policy? */
+        if(client->config.noSession) {
+            bestEndpointIndex = i;
+            continue;
+        }
 
         /* Compare the available UserTokenPolicies */
         for(size_t j = 0; j < endpoint->userIdentityTokensSize; ++j) {
@@ -1006,6 +1009,7 @@ responseGetEndpoints(UA_Client *client, void *userdata,
 
             /* Update tracking */
             bestEndpointLevel = endpoint->securityLevel;
+            bestEndpointIndex = i;
             bestTokenIndex = j;
 
             /* Stop search for the UserTokenPolicy. But we go on searching for
@@ -1017,7 +1021,7 @@ responseGetEndpoints(UA_Client *client, void *userdata,
     if(bestEndpointIndex == notFound) {
         UA_LOG_ERROR(client->config.logging, UA_LOGCATEGORY_CLIENT,
                      "No suitable endpoint found");
-        client->connectStatus = UA_STATUSCODE_BADINTERNALERROR;
+        client->connectStatus = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
         closeSecureChannel(client);
         UA_UNLOCK(&client->clientMutex);
         return;