diff --git a/src/access.c b/src/access.c
index 1b0289a35..7d8e9d0a4 100644
--- a/src/access.c
+++ b/src/access.c
@@ -461,14 +461,18 @@ access_dump_tags
 /*
  *
  */
-static void
-access_dump_a(access_t *a)
+void
+access_dump_a(const access_t *a)
 {
   htsmsg_field_t *f;
   size_t l = 0;
   char buf[1024];
   int first;
 
+  if (!a) {
+    tvhinfo(LS_ACCESS, "<nopermission>");
+  }
+
   tvh_strlcatf(buf, sizeof(buf), l,
     "%s:%s [%c%c%c%c%c%c%c%c%c%c%c], conn=%u:s%u:r%u:l%u%s",
     a->aa_representative ?: "<no-id>",
@@ -533,7 +537,7 @@ access_dump_a(access_t *a)
   access_dump_tags("exclude ", buf, sizeof(buf), &l, a->aa_chtags_exclude);
   access_dump_tags("", buf, sizeof(buf), &l, a->aa_chtags);
 
-  tvhtrace(LS_ACCESS, "%s", buf);
+  tvhinfo(LS_ACCESS, "%s", buf);
 }
 
 /*
@@ -725,28 +729,37 @@ access_get(struct sockaddr_storage *src, const char *username, verify_callback_t
   access_entry_t *ae;
   int nouser = tvh_str_default(username, NULL) == NULL;
   char *s;
+  tvhinfo(LS_ACCESS, "access_get for user <%s>", username?:"<none>");
 
-  if (!access_noacl && access_ip_blocked(src))
+  if (!access_noacl && access_ip_blocked(src)) {
+    tvhinfo(LS_ACCESS, "No permission due to access_ip_blocked");
     return a;
+  }
 
   if (!passwd_verify(a, username, verify, aux)) {
     a->aa_username = strdup(username);
     a->aa_representative = strdup(username);
     if(!passwd_verify2(username, verify, aux,
-                       superuser_username, superuser_password))
+                       superuser_username, superuser_password)) {
+      tvhinfo(LS_ACCESS, "access_full 1");
       return access_full(a);
+    }
   } else {
     s = alloca(50);
     tcp_get_str_from_ip(src, s, 50);
     a->aa_representative = strdup(s);
     if(!passwd_verify2(username, verify, aux,
-                       superuser_username, superuser_password))
+                       superuser_username, superuser_password)) {
+      tvhinfo(LS_ACCESS, "access_full 2");
       return access_full(a);
+    }
     username = NULL;
   }
 
-  if (access_noacl)
+  if (access_noacl) {
+    tvhinfo(LS_ACCESS, "access_full 3");
     return access_full(a);
+  }
 
   TAILQ_FOREACH(ae, &access_entries, ae_link) {
 
@@ -759,8 +772,10 @@ access_get(struct sockaddr_storage *src, const char *username, verify_callback_t
         continue; /* Didn't get one */
     }
 
-    if(!netmask_verify(&ae->ae_ipmasks, src))
+    if(!netmask_verify(&ae->ae_ipmasks, src)) {
+      tvhinfo(LS_ACCESS, "netmask_verify fail");
       continue; /* IP based access mismatches */
+    }
 
     if(ae->ae_username[0] != '*')
       a->aa_match = 1;
@@ -770,6 +785,7 @@ access_get(struct sockaddr_storage *src, const char *username, verify_callback_t
 
   /* Username was not matched - no access */
   if (!a->aa_match) {
+    tvhinfo(LS_ACCESS, "aa_match nouser=%d", nouser);
     free(a->aa_username);
     a->aa_username = NULL;
     if (!nouser)
diff --git a/src/access.h b/src/access.h
index 4035d2584..8f822f93f 100644
--- a/src/access.h
+++ b/src/access.h
@@ -300,6 +300,7 @@ typedef int (*verify_callback_t)(void *aux, const char *passwd);
 access_t *access_get(struct sockaddr_storage *src, const char *username,
                      verify_callback_t verify, void *aux);
 
+void access_dump_a(const access_t *a);
 /**
  *
  */
diff --git a/src/webui/webui.c b/src/webui/webui.c
index 4397ff24f..35e8a0823 100644
--- a/src/webui/webui.c
+++ b/src/webui/webui.c
@@ -1646,6 +1646,7 @@ __attribute__((warn_unused_result))
 static access_t *hdhomerun_verify_user_permission(const http_connection_t *hc,
                                                   const char *fail_log_reason)
 {
+  tvhinfo(LS_ACCESS, "hdhomerun_verify_user_permission");
   /* Not explicitly enabled?  Then all calls fail. */
   if (!config.hdhomerun_server_enable) {
     tvhwarn(LS_WEBUI, "hdhomerun server not enabled but received request [%s]",
@@ -1655,16 +1656,20 @@ static access_t *hdhomerun_verify_user_permission(const http_connection_t *hc,
 
   const char *hdhr_user = config.hdhomerun_server_username ?: "";
   access_t *perm = access_get(hc->hc_peer, hdhr_user, hdhomerun_server_verify_callback, NULL);
-
+  access_dump_a(perm);
   if (access_verify2(perm, ACCESS_STREAMING)) {
     /* Failed */
-    tvhwarn(LS_WEBUI, "hdhomerun server received request but no streaming permission for user [%s] [%d] [%s]",
+    access_dump_a(perm);
+    tvhwarn(LS_WEBUI, "hdhomerun server received request but no streaming permission for user [%s] [%s] [%s] [%d] [%s]",
             hdhr_user ?: "<none>",
+            perm? (perm->aa_username ?: "<none>") : "<noperm>",
+            perm? (perm->aa_representative ?: "<none>") : "<noperm>",
             perm? perm->aa_rights : 0,
             fail_log_reason?:"");
     access_destroy(perm);
     return NULL;
   } else {
+    tvhinfo(LS_ACCESS, "hdhomerun_verify_user_permission: OK");
     return perm;
   }
 }