diff --git a/changelog/unreleased/improve-ocmd-error-logs.md b/changelog/unreleased/improve-ocmd-error-logs.md
new file mode 100644
index 0000000000..0352b89fec
--- /dev/null
+++ b/changelog/unreleased/improve-ocmd-error-logs.md
@@ -0,0 +1,4 @@
+Enhancement: Improve error logging in ocmd flow
+
+https://github.com/cs3org/reva/issues/3365
+https://github.com/cs3org/reva/pull/3369
diff --git a/internal/grpc/services/ocminvitemanager/ocminvitemanager.go b/internal/grpc/services/ocminvitemanager/ocminvitemanager.go
index 7af7125c28..17829e7b5f 100644
--- a/internal/grpc/services/ocminvitemanager/ocminvitemanager.go
+++ b/internal/grpc/services/ocminvitemanager/ocminvitemanager.go
@@ -118,8 +118,9 @@ func (s *service) GenerateInviteToken(ctx context.Context, req *invitepb.Generat
 func (s *service) ForwardInvite(ctx context.Context, req *invitepb.ForwardInviteRequest) (*invitepb.ForwardInviteResponse, error) {
 	err := s.im.ForwardInvite(ctx, req.InviteToken, req.OriginSystemProvider)
 	if err != nil {
+		message := err.Error()
 		return &invitepb.ForwardInviteResponse{
-			Status: status.NewInternal(ctx, "error forwarding invite"),
+			Status: status.NewInternal(ctx, "error forwarding invite:"+message),
 		}, nil
 	}
 
@@ -159,7 +160,7 @@ func (s *service) FindAcceptedUsers(ctx context.Context, req *invitepb.FindAccep
 	acceptedUsers, err := s.im.FindAcceptedUsers(ctx, req.Filter)
 	if err != nil {
 		return &invitepb.FindAcceptedUsersResponse{
-			Status: status.NewInternal(ctx, "error finding remote users"),
+			Status: status.NewInternal(ctx, "error finding remote users: "+err.Error()),
 		}, nil
 	}
 
diff --git a/internal/grpc/services/ocmproviderauthorizer/ocmproviderauthorizer.go b/internal/grpc/services/ocmproviderauthorizer/ocmproviderauthorizer.go
index 374ebd3f83..be50fa0b42 100644
--- a/internal/grpc/services/ocmproviderauthorizer/ocmproviderauthorizer.go
+++ b/internal/grpc/services/ocmproviderauthorizer/ocmproviderauthorizer.go
@@ -122,7 +122,7 @@ func (s *service) IsProviderAllowed(ctx context.Context, req *ocmprovider.IsProv
 	err := s.pa.IsProviderAllowed(ctx, req.Provider)
 	if err != nil {
 		return &ocmprovider.IsProviderAllowedResponse{
-			Status: status.NewInternal(ctx, "error verifying mesh provider"),
+			Status: status.NewInternal(ctx, "error verifying mesh provider"+err.Error()),
 		}, nil
 	}
 
diff --git a/internal/http/services/ocmd/invites.go b/internal/http/services/ocmd/invites.go
index 6f15c1ee6a..8c6688df97 100644
--- a/internal/http/services/ocmd/invites.go
+++ b/internal/http/services/ocmd/invites.go
@@ -314,6 +314,7 @@ func (h *invitesHandler) findAcceptedUsers(w http.ResponseWriter, r *http.Reques
 	indentedResponse, _ := json.MarshalIndent(response, "", "   ")
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
+	log.Debug().Msg("findAcceptedUsers json response: " + string(indentedResponse))
 	if _, err := w.Write(indentedResponse); err != nil {
 		log.Err(err).Msg("Error writing to ResponseWriter")
 	}
diff --git a/internal/http/services/ocmd/send.go b/internal/http/services/ocmd/send.go
index a4a84e284e..e9b31840d6 100644
--- a/internal/http/services/ocmd/send.go
+++ b/internal/http/services/ocmd/send.go
@@ -110,13 +110,13 @@ func (h *sendHandler) Handler() http.Handler {
 		req := &provider.StatRequest{Ref: ref}
 		res2, err := gatewayClient.Stat(authCtx, req)
 		if err != nil {
-			log.Error().Msg("error sending: stat file/folder to share")
+			log.Error().Msg("gatewayClient.Stat operation failed; is the storage backend reachable?")
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
 
 		if res2.Status.Code != rpc.Code_CODE_OK {
-			log.Error().Msg("error returned: stat file/folder to share")
+			log.Error().Msgf("sourcePath %s does not exist on the storage backend", sourcePath)
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
diff --git a/pkg/ocm/provider/authorizer/json/json.go b/pkg/ocm/provider/authorizer/json/json.go
index 75873e77be..7b321e28d5 100644
--- a/pkg/ocm/provider/authorizer/json/json.go
+++ b/pkg/ocm/provider/authorizer/json/json.go
@@ -28,6 +28,7 @@ import (
 	"sync"
 
 	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
+	"github.com/cs3org/reva/v2/pkg/appctx"
 	"github.com/cs3org/reva/v2/pkg/errtypes"
 	"github.com/cs3org/reva/v2/pkg/ocm/provider"
 	"github.com/cs3org/reva/v2/pkg/ocm/provider/authorizer/registry"
@@ -115,13 +116,17 @@ func (a *authorizer) GetInfoByDomain(ctx context.Context, domain string) (*ocmpr
 
 func (a *authorizer) IsProviderAllowed(ctx context.Context, provider *ocmprovider.ProviderInfo) error {
 	var err error
+	log := appctx.GetLogger(ctx)
+
 	normalizedDomain, err := normalizeDomain(provider.Domain)
+	log.Info().Msgf("Checking if provider is allowed: %s", normalizedDomain)
 	if err != nil {
 		return err
 	}
 	var providerAuthorized bool
 	if normalizedDomain != "" {
 		for _, p := range a.providers {
+			log.Info().Msgf("Trying %s", p.Domain)
 			if p.Domain == normalizedDomain {
 				providerAuthorized = true
 				break
diff --git a/pkg/storage/fs/nextcloud/nextcloud.go b/pkg/storage/fs/nextcloud/nextcloud.go
index 41e173f789..6efb07b05b 100644
--- a/pkg/storage/fs/nextcloud/nextcloud.go
+++ b/pkg/storage/fs/nextcloud/nextcloud.go
@@ -25,6 +25,7 @@ import (
 	"io"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 
 	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
@@ -229,7 +230,9 @@ func (nc *StorageDriver) do(ctx context.Context, a Action) (int, []byte, error)
 		return 0, nil, err
 	}
 	log.Info().Msgf("nc.do res %s %s", url, string(body))
-
+	if resp.StatusCode != http.StatusOK {
+		return 0, nil, fmt.Errorf("Unexpected response code from EFSS API: " + strconv.Itoa(resp.StatusCode))
+	}
 	return resp.StatusCode, body, nil
 }