diff --git a/include/xrpl/protocol/TER.h b/include/xrpl/protocol/TER.h
index 268cdac683..81da933443 100644
--- a/include/xrpl/protocol/TER.h
+++ b/include/xrpl/protocol/TER.h
@@ -346,8 +346,7 @@ enum TECcodes : TERUnderlyingType {
     tecBAD_CREDENTIALS = 193,
     tecWRONG_ASSET = 194,
     tecLIMIT_EXCEEDED = 195,
-    tecINVALID_DOMAIN = 196,
-    tecPSEUDO_ACCOUNT = 197,
+    tecPSEUDO_ACCOUNT = 196,
 };
 
 //------------------------------------------------------------------------------
diff --git a/src/libxrpl/protocol/TER.cpp b/src/libxrpl/protocol/TER.cpp
index 94423b72c6..87e07bc7c9 100644
--- a/src/libxrpl/protocol/TER.cpp
+++ b/src/libxrpl/protocol/TER.cpp
@@ -125,7 +125,6 @@ transResults()
         MAKE_ERROR(tecBAD_CREDENTIALS,               "Bad credentials."),
         MAKE_ERROR(tecWRONG_ASSET,                   "Wrong asset given."),
         MAKE_ERROR(tecLIMIT_EXCEEDED,                "Limit exceeded."),
-        MAKE_ERROR(tecINVALID_DOMAIN,                "Invalid permissioned domain."),
         MAKE_ERROR(tecPSEUDO_ACCOUNT,                "This operation is not allowed against a pseudo-account."),
 
         MAKE_ERROR(tefALREADY,                     "The exact transaction was already in this ledger."),
diff --git a/src/test/app/Vault_test.cpp b/src/test/app/Vault_test.cpp
index d30e5fa93d..dd68b2c1a8 100644
--- a/src/test/app/Vault_test.cpp
+++ b/src/test/app/Vault_test.cpp
@@ -179,10 +179,10 @@ class Vault_test : public beast::unit_test::suite
             }
 
             {
-                testcase(prefix + " fail to set nonexistent domain");
+                testcase(prefix + " fail to set domain on public vault");
                 auto tx = vault.set({.owner = owner, .id = keylet.key});
                 tx[sfDomainID] = to_string(base_uint<256>(42ul));
-                env(tx, ter(tecINVALID_DOMAIN));
+                env(tx, ter{tecNO_PERMISSION});
             }
 
             {
@@ -837,6 +837,13 @@ class Vault_test : public beast::unit_test::suite
             env(tx, ter{tecNO_AUTH});
         }
 
+        {
+            testcase("private vault cannot set non-existing domain");
+            auto tx = vault.set({.owner = owner, .id = keylet.key});
+            tx[sfDomainID] = to_string(base_uint<256>(42ul));
+            env(tx, ter{tecOBJECT_NOT_FOUND});
+        }
+
         {
             testcase("private vault set domainId");
 
diff --git a/src/xrpld/app/misc/CredentialHelpers.cpp b/src/xrpld/app/misc/CredentialHelpers.cpp
index 238443cb18..263f14da2a 100644
--- a/src/xrpld/app/misc/CredentialHelpers.cpp
+++ b/src/xrpld/app/misc/CredentialHelpers.cpp
@@ -20,6 +20,7 @@
 #include <xrpld/app/misc/CredentialHelpers.h>
 #include <xrpld/ledger/View.h>
 
+#include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/digest.h>
 
 #include <unordered_set>
@@ -190,17 +191,12 @@ validDomain(ReadView const& view, uint256 domainID, AccountID const& subject)
     // Note, permissioned domain objects can be deleted at any time
     auto const slePD = view.read(keylet::permissionedDomain(domainID));
     if (!slePD)
-        return tecINVALID_DOMAIN;
-    else if (!slePD->isFieldPresent(sfAcceptedCredentials))
-        return tefINTERNAL;
+        return tecOBJECT_NOT_FOUND;
 
     auto const closeTime = view.info().parentCloseTime;
     bool foundExpired = false;
     for (auto const& h : slePD->getFieldArray(sfAcceptedCredentials))
     {
-        if (!h.isFieldPresent(sfIssuer) || !h.isFieldPresent(sfCredentialType))
-            return tefINTERNAL;
-
         auto const issuer = h.getAccountID(sfIssuer);
         auto const type = h.getFieldVL(sfCredentialType);
         auto const keyletCredential =
@@ -324,17 +320,14 @@ verifyValidDomain(
     beast::Journal j)
 {
     auto const slePD = view.read(keylet::permissionedDomain(domainID));
-    if (!slePD || !slePD->isFieldPresent(sfAcceptedCredentials))
-        return tefINTERNAL;
+    if (!slePD)
+        return tecOBJECT_NOT_FOUND;
 
     // Collect all matching credentials on a side, so we can remove expired ones
     // We may finish the loop with this collection empty, it's fine.
     STVector256 credentials;
     for (auto const& h : slePD->getFieldArray(sfAcceptedCredentials))
     {
-        if (!h.isFieldPresent(sfIssuer) || !h.isFieldPresent(sfCredentialType))
-            return tefINTERNAL;
-
         auto const issuer = h.getAccountID(sfIssuer);
         auto const type = h.getFieldVL(sfCredentialType);
         auto const keyletCredential =
diff --git a/src/xrpld/app/tx/detail/VaultSet.cpp b/src/xrpld/app/tx/detail/VaultSet.cpp
index c8feba2e9f..4d6b9df047 100644
--- a/src/xrpld/app/tx/detail/VaultSet.cpp
+++ b/src/xrpld/app/tx/detail/VaultSet.cpp
@@ -95,12 +95,12 @@ VaultSet::preclaim(PreclaimContext const& ctx)
     {
         // We can only set domain if private flag was originally set
         if ((vault->getFlags() & tfVaultPrivate) == 0)
-            return tecINVALID_DOMAIN;
+            return tecNO_PERMISSION;
 
         auto const sleDomain =
             ctx.view.read(keylet::permissionedDomain(*domain));
         if (!sleDomain)
-            return tecNO_ENTRY;
+            return tecOBJECT_NOT_FOUND;
 
         // Sanity check only, this should be enforced by VaultCreate
         if ((sleIssuance->getFlags() & lsfMPTRequireAuth) == 0)
diff --git a/src/xrpld/ledger/detail/View.cpp b/src/xrpld/ledger/detail/View.cpp
index ff5698bc77..c8d980ab77 100644
--- a/src/xrpld/ledger/detail/View.cpp
+++ b/src/xrpld/ledger/detail/View.cpp
@@ -2238,7 +2238,7 @@ requireAuth(
         return tesSUCCESS;
     }
 
-    // err = tefINTERNAL | tecINVALID_DOMAIN | tecNO_AUTH | tecEXPIRED
+    // err = tefINTERNAL | tecOBJECT_NOT_FOUND | tecNO_AUTH | tecEXPIRED
     if (auto const err =
             credentials::validDomain(view, *maybeDomainID, account);
         !isTesSuccess(err))