diff --git a/management/internals/shared/grpc/server.go b/management/internals/shared/grpc/server.go
index 1ff0243f4..32049d044 100644
--- a/management/internals/shared/grpc/server.go
+++ b/management/internals/shared/grpc/server.go
@@ -232,6 +232,9 @@ func (s *Server) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_S
 	userID, err := s.accountManager.GetUserIDByPeerKey(ctx, peerKey.String())
 	if err != nil {
 		s.syncSem.Add(-1)
+		if errStatus, ok := internalStatus.FromError(err); ok && errStatus.Type() == internalStatus.NotFound {
+			return status.Errorf(codes.PermissionDenied, "peer is not registered")
+		}
 		return mapError(ctx, err)
 	}
 
diff --git a/management/server/store/sql_store.go b/management/server/store/sql_store.go
index 0eb687dbb..4fe800636 100644
--- a/management/server/store/sql_store.go
+++ b/management/server/store/sql_store.go
@@ -4269,6 +4269,9 @@ func (s *SqlStore) GetUserIDByPeerKey(ctx context.Context, lockStrength LockingS
 		Take(&userID, GetKeyQueryCondition(s), peerKey)
 
 	if result.Error != nil {
+		if errors.Is(result.Error, gorm.ErrRecordNotFound) {
+			return "", status.Errorf(status.NotFound, "peer not found: index lookup failed")
+		}
 		return "", status.Errorf(status.Internal, "failed to get user ID by peer key")
 	}