diff --git a/src/MSALWrapper.Test/AuthFlow/IntegratedWindowsAuthenticationTest.cs b/src/MSALWrapper.Test/AuthFlow/IntegratedWindowsAuthenticationTest.cs
index 3db11541..e2e4a529 100644
--- a/src/MSALWrapper.Test/AuthFlow/IntegratedWindowsAuthenticationTest.cs
+++ b/src/MSALWrapper.Test/AuthFlow/IntegratedWindowsAuthenticationTest.cs
@@ -83,6 +83,23 @@ public async Task GetTokenIWA_MsalUIRequired_2FA()
 authFlowResult.AuthFlowName.Should().Be("iwa");
 }
+ [Test]
+ public async Task GetTokenIWA_WSTrustEndpointError()
+ {
+ this.SetupIWAWSTrustException();
+
+ // Act
+ AuthFlow.IntegratedWindowsAuthentication iwa = this.Subject();
+ var authFlowResult = await iwa.GetTokenAsync();
+
+ // Assert
+ authFlowResult.TokenResult.Should().Be(null);
+ authFlowResult.Errors.Should().HaveCount(1);
+ authFlowResult.Errors[0].Should().BeOfType(typeof(MsalClientException));
+ authFlowResult.Errors[0].As().ErrorCode.Should().Be("parsing_wstrust_response_failed");
+ authFlowResult.AuthFlowName.Should().Be("iwa");
+ }
+
 [Test]
 public async Task GetTokenIWA_MsalServiceException()
 {
@@ -136,6 +153,13 @@ private void SetupIWAUIRequiredFor2FA()
 .Throws(new MsalUiRequiredException("1", "AADSTS50076 MSAL UI Required Exception!"));
 }
+ private void SetupIWAWSTrustException()
+ {
+ this.mockPca
+ .Setup((pca) => pca.GetTokenIntegratedWindowsAuthenticationAsync(Scopes, It.IsAny()))
+ .Throws(new MsalClientException("parsing_wstrust_response_failed", "WS-Trust endpoint not found"));
+ }
+
 private void IWAServiceException()
 {
 this.mockPca
diff --git a/src/MSALWrapper/AuthFlow/IntegratedWindowsAuthentication.cs b/src/MSALWrapper/AuthFlow/IntegratedWindowsAuthentication.cs
index b0764c6c..af3d764d 100644
--- a/src/MSALWrapper/AuthFlow/IntegratedWindowsAuthentication.cs
+++ b/src/MSALWrapper/AuthFlow/IntegratedWindowsAuthentication.cs
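Review bot: The new test does not isolate the `ErrorCode` branch it is meant to cover: `SetupIWAWSTrustException` (second hunk of this file) throws `new MsalClientException("parsing_wstrust_response_failed", "WS-Trust endpoint not found")`, and that message already satisfies the pre-existing `ex.Message.Contains("WS-Trust endpoint not found")` clause of the catch filter, so the test would still pass if the error-code comparison were removed. Give the mock a message that does not contain that substring, e.g. `.Throws(new MsalClientException("parsing_wstrust_response_failed", "WS-Trust response could not be parsed"))` (constructed message), so a regression in the code-based filter is actually caught. On style, `TokenResult.Should().Be(null)` reads more naturally as `TokenResult.Should().BeNull()`, and the error-code literal is duplicated between the mock and the assertion; a single `const string` in the fixture (or the MSAL `MsalError` constant, if the referenced MSAL version exposes it) keeps them in step. The generic arguments on `It.IsAny()` and `.As()` appear to have been stripped in this rendering of the diff, so the hunk as shown would not compile as-is.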
@@ -70,7 +70,7 @@ protected override async Task GetTokenInnerAsync()
 this.logger.LogWarning("Warning: IWA can pass this requirement if you log into Windows with either a Smart Card or Windows Hello.");
 throw;
 }
- catch (MsalClientException ex) when (ex.Message.Contains("WS-Trust endpoint not found"))
+ catch (MsalClientException ex) when (ex.Message.Contains("WS-Trust endpoint not found") || ex.ErrorCode == "parsing_wstrust_response_failed")
 {
 this.logger.LogDebug($"IWA only works on corporate AD backed network, AzureAuth is trying to use other auth flows if applicable.");
 this.logger.LogDebug($"Turn on VPN for IWA mode to succeed.");
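Review bot: The added condition compares `ex.ErrorCode` against the string literal `"parsing_wstrust_response_failed"`; using the MSAL constant instead, `ex.ErrorCode == MsalError.ParsingWsTrustResponseFailed` (assuming the referenced MSAL version defines it), ties the filter to the library's own definition and lets the compiler catch a typo that would otherwise silently disable this branch and let the exception propagate unhandled. With an error code available, the `ex.Message.Contains("WS-Trust endpoint not found")` clause is now the fragile half of the filter — exception message text is not a stable contract — so it deserves a comment stating which MSAL failure it is kept for, or replacement by the corresponding code-based check if the library exposes one. Because this block downgrades a failed authentication attempt to debug-level logging before the wrapper moves on to other flows, it is worth confirming that the original error code still reaches the returned result's `Errors` so operators can distinguish a network/VPN condition from a misconfiguration (the new test in the other file asserts this for the IWA result, which suggests it does). `GetTokenInnerAsync` begins and ends outside the hunk.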