diff --git a/federationapi/routing/leave.go b/federationapi/routing/leave.go
index 047eacd3d..812cf947e 100644
--- a/federationapi/routing/leave.go
+++ b/federationapi/routing/leave.go
@@ -274,7 +274,7 @@ func SendLeave(
 	}, &response)
 
 	if response.ErrMsg != "" {
-		util.GetLogger(httpReq.Context()).WithField(logrus.ErrorKey, response.ErrMsg).Error("producer.SendEvents failed")
+		util.GetLogger(httpReq.Context()).WithField(logrus.ErrorKey, response.ErrMsg).WithField("not_allowed", response.NotAllowed).Error("producer.SendEvents failed")
 		if response.NotAllowed {
 			return util.JSONResponse{
 				Code: http.StatusBadRequest,
diff --git a/roomserver/internal/helpers/auth.go b/roomserver/internal/helpers/auth.go
index 1f4215e74..6d9fd4275 100644
--- a/roomserver/internal/helpers/auth.go
+++ b/roomserver/internal/helpers/auth.go
@@ -23,6 +23,7 @@ import (
 	"github.com/matrix-org/dendrite/roomserver/storage"
 	"github.com/matrix-org/dendrite/roomserver/types"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/sirupsen/logrus"
 )
 
 // CheckForSoftFail returns true if the event should be soft-failed
@@ -114,6 +115,8 @@ func CheckAuthEvents(
 
 	// Check if the event is allowed.
 	if err = gomatrixserverlib.Allowed(event.Event, &authEvents); err != nil {
+		_, na := err.(*gomatrixserverlib.NotAllowed)
+		logrus.Warnf("CheckAuthEvents failed Allowed check, NotAllowed=%v", na)
 		return nil, err
 	}
 
diff --git a/roomserver/internal/input/input_events.go b/roomserver/internal/input/input_events.go
index 2a558c483..eb870dc14 100644
--- a/roomserver/internal/input/input_events.go
+++ b/roomserver/internal/input/input_events.go
@@ -187,6 +187,8 @@ func (r *Inputer) processRoomEvent(
 			"soft_fail": softfail,
 			"sender":    event.Sender(),
 		}).Debug("Stored rejected event")
+		_, na := rejectionErr.(*gomatrixserverlib.NotAllowed)
+		logrus.Warnf("NotAllowed=%v", na)
 		return event.EventID(), rejectionErr
 	}