diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg
index 61291d7..7f53031 100644
--- a/kamailio/registrar-role.cfg
+++ b/kamailio/registrar-role.cfg
@@ -168,9 +168,15 @@ route[KAZOO_AUTHORIZATION_OK]
         $sht(auth_cache=>$Au::nonce) = $var(nonce);
     }
     #!endif
-    $xavp(ulattrs=>custom_channel_vars) = $(kzR{kz.json,Custom-Channel-Vars});
-    xlog("L_INFO", "$ci|log|authenticating $Au via Kazoo query response\n");
-    route(CHECK_AUTHORIZATION);
+   if( $(kzR{kz.json,Event-Name}) == "authn_err" ) {
+        auth_challenge("$fd", "0");
+        xlog("L_INFO", "$ci|end|issued auth challenge to registration attempt for $Au $si:$sp\n");
+        exit;
+    } else {
+       $xavp(ulattrs=>custom_channel_vars) = $(kzR{kz.json,Custom-Channel-Vars});
+       xlog("L_INFO", "$ci|log|authenticating $Au via Kazoo query response\n");
+       route(CHECK_AUTHORIZATION);
+    }
 }
 
 route[KAZOO_AUTHORIZATION_ERROR]
@@ -188,7 +194,7 @@ route[CHECK_AUTHORIZATION]
             xlog("L_INFO", "$ci|end|OPENBTS attempt for $Au $si:$sp\n");
     } else {
 
-    if($var(password) == $null) {
+    if($var(password) == $null || $var(password) == "") {
         auth_challenge("$fd", "0");
         xlog("L_INFO", "$ci|end|issued auth challenge to registration attempt for $Au $si:$sp\n");
         exit;