diff --git a/api/client/proxy/client.go b/api/client/proxy/client.go
index 365874fc09a26..3c2650dec0e4b 100644
--- a/api/client/proxy/client.go
+++ b/api/client/proxy/client.go
@@ -502,7 +502,11 @@ func (c *Client) ClientConfig(ctx context.Context, cluster string) (client.Confi
 func (c *Client) DialHost(ctx context.Context, target, cluster string, keyring agent.ExtendedAgent) (net.Conn, ClusterDetails, error) {
 conn, details, err := cmp.Or(c.relayTransport, c.transport).DialHost(ctx, target, cluster, nil, keyring)
 if err != nil {
- return nil, ClusterDetails{}, trace.ConnectionProblem(err, "failed connecting to host %s: %v", target, err)
+ host := target
+ if h, _, err := net.SplitHostPort(target); err == nil {
+ host = h
+ }
+ return nil, ClusterDetails{}, trace.ConnectionProblem(err, "failed connecting to host %s: %v", host, err)
 }
 return conn, ClusterDetails{FIPS: details.FipsEnabled}, nil
diff --git a/api/client/proxy/transport/transportv1/client.go b/api/client/proxy/transport/transportv1/client.go
index 92d92fb59ebc3..eff9c30d485c4 100644
--- a/api/client/proxy/transport/transportv1/client.go
+++ b/api/client/proxy/transport/transportv1/client.go
@@ -245,7 +245,7 @@ func (c *Client) DialHost(ctx context.Context, hostport, cluster string, src net
 stream, err := c.clt.ProxySSH(ctx)
 if err != nil {
 cancel()
- return nil, nil, trace.Wrap(err, "unable to establish proxy stream")
+ return nil, nil, trace.Wrap(err, "opening proxy stream")
 }
 if err := stream.Send(&transportv1pb.ProxySSHRequest{DialTarget: &transportv1pb.TargetHost{
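Review bot: In the `DialHost` hunk of api/client/proxy/client.go, the initialiser `if h, _, err := net.SplitHostPort(target); err == nil` shadows the outer `err` that the following `return` both formats and wraps; it is legal, but easy to misread on an error path. A distinct name keeps the two apart: `if h, _, splitErr := net.SplitHostPort(target); splitErr == nil {`. The same four lines are repeated in `NewNodeClient` in lib/client/client.go, so the rename applies there too. Neither site says why the port is removed; a comment such as `// Strip the port so the message names only the host; fall back to the raw target when it has no port.` would record the intent.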
@@ -253,13 +253,13 @@ func (c *Client) DialHost(ctx context.Context, hostport, cluster string, src net
 Cluster: cluster,
 }}); err != nil {
 cancel()
- return nil, nil, trace.Wrap(err, "failed to send dial target request")
+ return nil, nil, trace.Wrap(err, "sending dial target request")
 }
 resp, err := stream.Recv()
 if err != nil {
 cancel()
- return nil, nil, trace.Wrap(err, "failed to receive cluster details response")
+ return nil, nil, trace.Wrap(err)
 }
 // create streams for ssh and agent protocol
diff --git a/integration/integration_test.go b/integration/integration_test.go
index 823bb964faa4c..e0fe4fecca4e2 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -2282,7 +2282,7 @@ func testInvalidLogins(t *testing.T, suite *integrationTestSuite) {
 require.NoError(t, err)
 err = tc.SSH(context.Background(), cmd)
- require.ErrorIs(t, err, trace.NotFound("failed to dial target host\n\tlooking up remote cluster \"wrong-site\"\n\t\tnot found"))
+ require.ErrorContains(t, err, "failed connecting to host localhost: looking up remote cluster \"wrong-site\"\n\tnot found")
 }
 // TestTwoClustersTunnel creates two teleport clusters: "a" and "b" and creates a
diff --git a/lib/client/client.go b/lib/client/client.go
index 0dadb6f25327f..1ccf73c3983a7 100644
--- a/lib/client/client.go
+++ b/lib/client/client.go
@@ -355,7 +355,11 @@ func NewNodeClient(ctx context.Context, sshConfig *ssh.ClientConfig, conn net.Co
 "target_host", nodeName,
 "error", err,
 )
- return nil, trace.AccessDenied("access denied to %v connecting to %v", sshConfig.User, nodeName)
+ host := nodeName
+ if h, _, err := net.SplitHostPort(nodeName); err == nil {
+ host = h
+ }
+ return nil, trace.AccessDenied("access denied to %v connecting to %v", sshConfig.User, host)
 }
 return nil, trace.Wrap(err)
 }
diff --git a/lib/proxy/router.go b/lib/proxy/router.go
index 72823f5a1f4e3..1829e85d8b04a 100644
--- a/lib/proxy/router.go
+++ b/lib/proxy/router.go
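Review bot: The `stream.Recv()` failure in `DialHost` (api/client/proxy/transport/transportv1/client.go) is now the only one of the three error returns in this function that carries no local context, so a broken stream and a dial rejected by the proxy read the same to the caller. If the intent is to surface the proxy's own message unchanged, state that in place: `// The proxy's error already describes the failure; return it without extra context.` The function starts and ends outside the hunk.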
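Review bot: In `testInvalidLogins`, the assertion on the wrong-cluster login now checks only the message text, including the exact `\n\t` layout produced by error wrapping, where the old one compared against a `trace.NotFound` value. A change in error kind on this rejection path would therefore pass unnoticed, while a harmless reformatting of the wrapped message would fail the test. If callers are still expected to classify this error, add a kind check beside the string check, for example `require.True(t, trace.IsConnectionProblem(err))`. Which kind survives `tc.SSH` is not visible in this hunk, so confirm it before choosing the predicate.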
@@ -21,7 +21,6 @@ package proxy
 import (
 "bytes"
 "context"
- "errors"
 "log/slog"
 "math/rand/v2"
 "net"
@@ -582,7 +581,7 @@ func getServerWithResolver(ctx context.Context, host, port string, cluster clust
 return nil, trace.NotFound("unable to locate node matching %s-like target %s", idType, host)
 }
- return nil, trace.ConnectionProblem(errors.New("connection problem"), "direct dialing to nodes not found in inventory is not supported")
+ return nil, trace.ConnectionProblem(nil, "target host %s is offline or does not exist", host)
 }
 }
diff --git a/lib/srv/transport/transportv1/transport.go b/lib/srv/transport/transportv1/transport.go
index 038d07e718daf..31c38326fa98d 100644
--- a/lib/srv/transport/transportv1/transport.go
+++ b/lib/srv/transport/transportv1/transport.go
@@ -270,19 +270,19 @@ func (s *Service) ProxySSH(stream transportv1pb.TransportService_ProxySSHServer)
 // create a reader/writer for SSH Agent protocol
 agentStreamRW, err := streamutils.NewReadWriter(agentStream)
 if err != nil {
- return trace.Wrap(err, "failed constructing ssh agent streamer")
+ return trace.Wrap(err, "creating ssh agent stream")
 }
 defer agentStreamRW.Close()
 // create a reader/writer for SSH protocol
 sshStreamRW, err := streamutils.NewReadWriter(sshStream)
 if err != nil {
- return trace.Wrap(err, "failed constructing ssh streamer")
+ return trace.Wrap(err, "creating ssh stream")
 }
 clientDst, err := getDestinationAddress(p.Addr, s.cfg.LocalAddr)
 if err != nil {
- return trace.Wrap(err, "could get not client destination address; listener address %q, client source address %q", s.cfg.LocalAddr.String(), p.Addr.String())
+ return trace.Wrap(err, "retrieving destination address; listener address %q, client source address %q", s.cfg.LocalAddr.String(), p.Addr.String())
 }
 signer := s.cfg.SignerFn(authzContext, req.DialTarget.Cluster)
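Review bot: The new `trace.ConnectionProblem` message in `getServerWithResolver` (lib/proxy/router.go) interpolates `host` with `%s`. `host` appears to originate from the dial request, and the updated expectations in lib/web/apiserver_test.go show this text reaching the connection diagnostic `Error` field. Quoting the value keeps embedded newlines or control characters from changing how the message reads in logs and the UI: `trace.ConnectionProblem(nil, "target host %q is offline or does not exist", host)`. The three test expectations would then need the quoted form. The `trace.NotFound` context line just above uses the same `%s` pattern, and the function starts and ends outside the hunk.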
@@ -292,7 +292,7 @@ func (s *Service) ProxySSH(stream transportv1pb.TransportService_ProxySSHServer)
 if errors.Is(err, teleport.ErrNodeIsAmbiguous) {
 return trace.Wrap(err)
 }
- return trace.Wrap(err, "failed to dial target host")
+ return trace.Wrap(err)
 }
 // ensure the connection to the target host
diff --git a/lib/web/apiserver_test.go b/lib/web/apiserver_test.go
index bbf615fe3bca0..1d5651a47203f 100644
--- a/lib/web/apiserver_test.go
+++ b/lib/web/apiserver_test.go
@@ -6817,7 +6817,7 @@ func TestDiagnoseSSHConnection(t *testing.T) {
 Type: types.ConnectionDiagnosticTrace_CONNECTIVITY,
 Status: types.ConnectionDiagnosticTrace_FAILED,
 Details: `Failed to connect to the Node. Ensure teleport service is running using "systemctl status teleport".`,
- Error: "direct dialing to nodes not found in inventory is not supported",
+ Error: "target host notanode is offline or does not exist",
 },
 },
 },
@@ -6835,7 +6835,7 @@ func TestDiagnoseSSHConnection(t *testing.T) {
 Type: types.ConnectionDiagnosticTrace_CONNECTIVITY,
 Status: types.ConnectionDiagnosticTrace_FAILED,
 Details: `Failed to connect to the Node. Ensure teleport service is running using "launchctl print 'system/Teleport Service'".`,
- Error: "direct dialing to nodes not found in inventory is not supported",
+ Error: "target host notanode is offline or does not exist",
 },
 },
 },
@@ -6854,7 +6854,7 @@ func TestDiagnoseSSHConnection(t *testing.T) {
 Type: types.ConnectionDiagnosticTrace_CONNECTIVITY,
 Status: types.ConnectionDiagnosticTrace_FAILED,
 Details: `Open the Connect My Computer tab in Teleport Connect and make sure that the agent is running.`,
- Error: "direct dialing to nodes not found in inventory is not supported",
+ Error: "target host notanode is offline or does not exist",
 },
 },
 },
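Review bot: After this change both arms of the dial-error handling in `ProxySSH` (lib/srv/transport/transportv1/transport.go) return `trace.Wrap(err)`, so the `errors.Is(err, teleport.ErrNodeIsAmbiguous)` test no longer selects anything. Collapse the block to a single `return trace.Wrap(err)`, and drop the `errors` import if this was its last use in the file, which is not visible here. The dial error is also now passed to the client without a server-side prefix, so whatever text the router places in it is client-visible; a short comment stating that this is intended would help the next reader. The enclosing block begins outside the hunk.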