diff --git a/cmd/iam.go b/cmd/iam.go
index 4455bf8db..163317f67 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1025,7 +1025,7 @@ func (sys *IAMSys) ListTempAccounts(ctx context.Context, accessKey string) ([]Us
 func (sys *IAMSys) GetServiceAccount(ctx context.Context, accessKey string) (auth.Credentials, *iampolicy.Policy, error) {
 sa, embeddedPolicy, err := sys.getServiceAccount(ctx, accessKey)
 if err != nil {
- return auth.Credentials{}, embeddedPolicy, err
+ return auth.Credentials{}, nil, err
 }
 // Hide secret & session keys
 sa.Credentials.SecretKey = ""
@@ -1033,15 +1033,45 @@ func (sys *IAMSys) GetServiceAccount(ctx context.Context, accessKey string) (aut
 return sa.Credentials, embeddedPolicy, nil
 }
 
-// getServiceAccount - gets information about a service account
-func (sys *IAMSys) getServiceAccount(ctx context.Context, accessKey string) (u UserIdentity, p *iampolicy.Policy, err error) {
+func (sys *IAMSys) getServiceAccount(ctx context.Context, accessKey string) (UserIdentity, *iampolicy.Policy, error) {
+ sa, embeddedPolicy, err := sys.getAccountWithEmbeddedPolicy(ctx, accessKey)
+ if err != nil {
+ if err == errNoSuchAccount {
+ return UserIdentity{}, nil, errNoSuchServiceAccount
+ }
+ return UserIdentity{}, nil, err
+ }
+ if !sa.Credentials.IsServiceAccount() {
+ return UserIdentity{}, nil, errNoSuchServiceAccount
+ }
+
+ return sa, embeddedPolicy, nil
+}
+
+func (sys *IAMSys) getTempAccount(ctx context.Context, accessKey string) (UserIdentity, *iampolicy.Policy, error) {
+ tmpAcc, embeddedPolicy, err := sys.getAccountWithEmbeddedPolicy(ctx, accessKey)
+ if err != nil {
+ if err == errNoSuchAccount {
+ return UserIdentity{}, nil, errNoSuchTempAccount
+ }
+ return UserIdentity{}, nil, err
+ }
+ if !tmpAcc.Credentials.IsTemp() {
+ return UserIdentity{}, nil, errNoSuchTempAccount
+ }
+
+ return tmpAcc, embeddedPolicy, nil
+}
+
+// getAccountWithEmbeddedPolicy - gets information about an account with its embedded policy if found
+func (sys *IAMSys) getAccountWithEmbeddedPolicy(ctx context.Context, accessKey string) (u UserIdentity, p *iampolicy.Policy, err error) {
 if !sys.Initialized() {
 return u, nil, errServerNotInitialized
 }
 
 sa, ok := sys.store.GetUser(accessKey)
- if !ok || !sa.Credentials.IsServiceAccount() {
- return u, nil, errNoSuchServiceAccount
+ if !ok {
+ return u, nil, errNoSuchAccount
 }
 
 var embeddedPolicy *iampolicy.Policy
diff --git a/cmd/site-replication.go b/cmd/site-replication.go
index 08d02ac14..eb9112408 100644
--- a/cmd/site-replication.go
+++ b/cmd/site-replication.go
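Review bot: `getServiceAccount` loses its doc comment in this hunk and the new `getTempAccount` has none, so the deliberate error collapsing — a key that does not exist and a key that exists as the other kind of account both come back as the same `errNoSuchServiceAccount` / `errNoSuchTempAccount` — is invisible to the next maintainer, who could "fix" it into distinguishable errors that let a caller probe whether an access key exists as another account type. I would add above `getServiceAccount`: `// getServiceAccount returns the service account for accessKey. A missing key and a key owned by a non-service account both yield errNoSuchServiceAccount on purpose; callers must not be able to tell them apart.` with the parallel sentence above `getTempAccount`. The `err == errNoSuchAccount` comparisons are correct only while `getAccountWithEmbeddedPolicy` returns the sentinel unwrapped; its body runs past the end of the hunk, so I could not confirm that for the policy-parsing path.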
@@ -1257,9 +1257,8 @@ func (c *SiteReplicationSys) PeerSTSAccHandler(ctx context.Context, stsCred *mad
 }
 // skip overwrite of local update if peer sent stale info
 if !updatedAt.IsZero() {
- if u, err := globalIAMSys.GetUserInfo(ctx, stsCred.AccessKey); err == nil {
- ok, _, _ := globalIAMSys.IsTempUser(stsCred.AccessKey)
- if ok && u.UpdatedAt.After(updatedAt) {
+ if u, _, err := globalIAMSys.getTempAccount(ctx, stsCred.AccessKey); err == nil {
+ if u.UpdatedAt.After(updatedAt) {
 return nil
 }
 }
 }
diff --git a/cmd/typed-errors.go b/cmd/typed-errors.go
index a41ced10d..f18ee3716 100644
--- a/cmd/typed-errors.go
+++ b/cmd/typed-errors.go
@@ -71,6 +71,12 @@ var errNoSuchUser = errors.New("Specified user does not exist")
 // error returned when service account is not found
 var errNoSuchServiceAccount = errors.New("Specified service account does not exist")
 
+// error returned when temporary account is not found
+var errNoSuchTempAccount = errors.New("Specified temporary account does not exist")
+
+// error returned in IAM subsystem when an account doesn't exist.
+var errNoSuchAccount = errors.New("Specified account does not exist")
+
 // error returned in IAM subsystem when groups doesn't exist.
 var errNoSuchGroup = errors.New("Specified group does not exist")
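Review bot: The `err == nil` guard on the new `getTempAccount` call treats every failure as "no local temp account", so when IAM is not yet initialized (`errServerNotInitialized` from `getAccountWithEmbeddedPolicy`) the staleness check is skipped and, if the rest of `PeerSTSAccHandler` goes on to write the peer's credential (its body continues outside the hunk), a stale STS credential could overwrite a newer local one. The old `GetUserInfo` path had the same blind spot, but the new helper makes the cases easy to separate: add `} else if err != errNoSuchTempAccount { return err }` after the inner block so only a genuine miss falls through. The only error values I can see the helper produce in this diff are `errServerNotInitialized` and `errNoSuchAccount`; if the policy-parsing tail of `getAccountWithEmbeddedPolicy` returns others, those should fail the handler too rather than be silently ignored.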