diff --git a/server/rpc/auth/webhook.go b/server/rpc/auth/webhook.go
index a3b2ebd54..a58359397 100644
--- a/server/rpc/auth/webhook.go
+++ b/server/rpc/auth/webhook.go
@@ -34,6 +34,9 @@ import (
 )
 
 var (
+	// ErrUnauthenticated is returned when the authentication is failed.
+	ErrUnauthenticated = errors.New("unauthenticated")
+
 	// ErrPermissionDenied is returned when the given user is not allowed for the access.
 	ErrPermissionDenied = errors.New("method is not allowed for this user")
 
@@ -45,9 +48,6 @@ var (
 
 	// ErrWebhookTimeout is returned when the webhook does not respond in time.
 	ErrWebhookTimeout = errors.New("webhook timeout")
-
-	// ErrUnauthenticated is returned when the request lacks valid authentication credentials.
-	ErrUnauthenticated = errors.New("request lacks valid authentication credentials")
 )
 
 // verifyAccess verifies the given user is allowed to access the given method.
diff --git a/server/rpc/connecthelper/status.go b/server/rpc/connecthelper/status.go
index 1eef3306e..b56fd161c 100644
--- a/server/rpc/connecthelper/status.go
+++ b/server/rpc/connecthelper/status.go
@@ -79,12 +79,14 @@ var errorToConnectCode = map[error]connect.Code{
 	converter.ErrUnsupportedCounterType: connect.CodeUnimplemented,
 
 	// Unauthenticated means the request does not have valid authentication
-	auth.ErrUnexpectedStatusCode:   connect.CodeUnauthenticated,
-	auth.ErrUnexpectedResponse:     connect.CodeUnauthenticated,
-	auth.ErrWebhookTimeout:         connect.CodeUnauthenticated,
 	auth.ErrUnauthenticated:        connect.CodeUnauthenticated,
 	database.ErrMismatchedPassword: connect.CodeUnauthenticated,
 
+	// Internal means an internal error occurred.
+	auth.ErrUnexpectedStatusCode: connect.CodeInternal,
+	auth.ErrUnexpectedResponse:   connect.CodeInternal,
+	auth.ErrWebhookTimeout:       connect.CodeInternal,
+
 	// PermissionDenied means the request does not have permission for the operation.
 	auth.ErrPermissionDenied: connect.CodePermissionDenied,
 
diff --git a/test/integration/auth_webhook_test.go b/test/integration/auth_webhook_test.go
index 6126ee68a..f20c28604 100644
--- a/test/integration/auth_webhook_test.go
+++ b/test/integration/auth_webhook_test.go
@@ -287,7 +287,7 @@ func TestAuthWebhookErrorHandling(t *testing.T) {
 		assert.NoError(t, err)
 		defer func() { assert.NoError(t, cli.Close()) }()
 		err = cli.Activate(ctx)
-		assert.Equal(t, connect.CodeUnauthenticated, connect.CodeOf(err))
+		assert.Equal(t, connect.CodeInternal, connect.CodeOf(err))
 		assert.Equal(t, connecthelper.CodeOf(auth.ErrUnexpectedStatusCode), converter.ErrorCodeOf(err))
 	})
 
@@ -327,7 +327,7 @@ func TestAuthWebhookErrorHandling(t *testing.T) {
 		assert.NoError(t, err)
 		defer func() { assert.NoError(t, cli.Close()) }()
 		err = cli.Activate(ctx)
-		assert.Equal(t, connect.CodeUnauthenticated, connect.CodeOf(err))
+		assert.Equal(t, connect.CodeInternal, connect.CodeOf(err))
 		assert.Equal(t, connecthelper.CodeOf(auth.ErrUnexpectedResponse), converter.ErrorCodeOf(err))
 	})
 
@@ -356,7 +356,7 @@ func TestAuthWebhookErrorHandling(t *testing.T) {
 		defer func() { assert.NoError(t, cli.Close()) }()
 
 		err = cli.Activate(ctx)
-		assert.Equal(t, connect.CodeUnauthenticated, connect.CodeOf(err))
+		assert.Equal(t, connect.CodeInternal, connect.CodeOf(err))
 		assert.Equal(t, connecthelper.CodeOf(auth.ErrWebhookTimeout), converter.ErrorCodeOf(err))
 	})