diff --git a/server.ts b/server.ts
index ca5f7fe..75d2dba 100644
--- a/server.ts
+++ b/server.ts
@@ -689,6 +689,13 @@ async function startServer() {
   // to 'unknown'. Runs on a self-scheduling setTimeout so that interval changes
   // in Settings take effect on the next cycle without a server restart.
   // -------------------------------------------------------------
+  function checkmkHttpHint(status: number): string {
+    if (status === 401) return 'HTTP 401 Unauthorized — wrong automation user or secret (check Settings → CheckMK)';
+    if (status === 403) return 'HTTP 403 Forbidden — automation user lacks permission in CheckMK';
+    if (status === 404) return 'HTTP 404 Not Found — API URL incorrect or site name wrong';
+    return `HTTP ${status}`;
+  }
+
   async function syncCheckMkStatuses() {
     const now = new Date().toISOString();
 
@@ -714,7 +721,7 @@ async function startServer() {
         `${CHECKMK_API_URL}/domain-types/host_config/collections/all`,
         { headers: { Authorization: authHeader, Accept: 'application/json' } }
       );
-      if (!cfgRes.ok) throw new Error(`HTTP ${cfgRes.status} — ${await cfgRes.text()}`);
+      if (!cfgRes.ok) throw new Error(checkmkHttpHint(cfgRes.status));
       const cfgData = await cfgRes.json();
       ipToHostname = new Map<string, string>();
       for (const host of cfgData?.value ?? []) {
@@ -752,7 +759,7 @@ async function startServer() {
           `${CHECKMK_API_URL}/objects/host/${encodeURIComponent(cmkHost)}`,
           { headers: { Authorization: authHeader, Accept: 'application/json' } }
         );
-        if (!res.ok) throw new Error(`HTTP ${res.status} — ${await res.text()}`);
+        if (!res.ok) throw new Error(checkmkHttpHint(res.status));
         const data = await res.json();
         const hardState: number = data?.extensions?.state ?? -1;
         const newStatus = hardState === 0 ? 'online' : 'offline';