diff --git a/clients/tools/common.c b/clients/tools/common.c
index 4d7b038c6935e1f748fb6884a5ee87235cc08691..3ba0e375e7fd144fe1941bb4155a5acf22f2216f 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1287,7 +1287,10 @@ dnssrv_free:;
 		if ( use_tls ) {
 			rc = ldap_start_tls_s( ld, NULL, NULL );
 			if ( rc != LDAP_SUCCESS ) {
-				tool_perror( "ldap_start_tls", rc, NULL, NULL, NULL, NULL );
+				char *msg=NULL;
+				ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
+				tool_perror( "ldap_start_tls", rc, NULL, NULL, msg, NULL );
+				ldap_memfree(msg);
 				if ( use_tls > 1 ) {
 					exit( EXIT_FAILURE );
 				}
@@ -1384,8 +1387,11 @@ tool_bind( LDAP *ld )
 
 		lutil_sasl_freedefs( defaults );
 		if( rc != LDAP_SUCCESS ) {
+			char *msg=NULL;
+			ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
 			tool_perror( "ldap_sasl_interactive_bind_s",
-				rc, NULL, NULL, NULL, NULL );
+				rc, NULL, NULL, msg, NULL );
+			ldap_memfree(msg);
 			exit( rc );
 		}
 #else