diff --git a/roles/lmn_vpn/tasks/wg_config.yml b/roles/lmn_vpn/tasks/wg_config.yml
index 88b3f40..d1bf9ce 100644
--- a/roles/lmn_vpn/tasks/wg_config.yml
+++ b/roles/lmn_vpn/tasks/wg_config.yml
@@ -5,7 +5,7 @@
       - wireguard
 
 - name: Check if wg_server is reachable
-  ansible.builtin.command: echo "reachable"
+  ansible.builtin.command: echo "Test if wg_server is reachable"
   delegate_to: wireguard_server
   register: result
   changed_when: false
@@ -17,10 +17,10 @@
       * server not reachable
       * no matching ssh-key
   changed_when: true
-  when: result.stdout is not defined or result.stdout!="reachable"
+  when: result.unreachable is defined and result.unreachable
 
 - name: Configure WG Server
-  when: result.stdout is defined and result.stdout=="reachable"
+  when: result.unreachable is not defined or not result.unreachable
   block:
     - name: Set facts wg_clientname
       ansible.builtin.set_fact:
diff --git a/roles/lmn_wlan/tasks/eap-tls_check-certificate.yaml b/roles/lmn_wlan/tasks/eap-tls_check-certificate.yaml
index c527f06..74bc7c4 100644
--- a/roles/lmn_wlan/tasks/eap-tls_check-certificate.yaml
+++ b/roles/lmn_wlan/tasks/eap-tls_check-certificate.yaml
@@ -27,7 +27,7 @@
   when: cert_client_active.stat.exists
 
 - name: Check if radius-server is reachable
-  ansible.builtin.command: echo "reachable"
+  ansible.builtin.command: echo "Test if radius-server is reachable"
   delegate_to: radius_server
   register: radius_reachable
   changed_when: false
@@ -40,12 +40,12 @@
       - "* server not reachable"
       - "* no matching ssh-key"
   changed_when: true
-  when: radius_reachable.stdout is not defined or radius_reachable.stdout!='reachable'
+  when: radius_reachable.unreachable is defined and radius_reachable.unreachable
 
 - name: Issue radius certificate
   ansible.builtin.include_tasks: eap-tls_issue-certificate.yaml
   when:
-    - radius_reachable.stdout is defined and radius_reachable.stdout=="reachable"
+    - radius_reachable.unreachable is not defined or not radius_reachable.unreachable
     - |
       ( not cert_client_active.stat.exists ) or
       (cert_serial.stdout | replace('serial=','') | int(base=16) ) in ( radius_crl.revoked_certificates | map(attribute='serial_number') | list ) or
diff --git a/roles/lmn_wlan/tasks/eap-tls_issue-certificate.yaml b/roles/lmn_wlan/tasks/eap-tls_issue-certificate.yaml
index 9e897bb..a3258df 100644
--- a/roles/lmn_wlan/tasks/eap-tls_issue-certificate.yaml
+++ b/roles/lmn_wlan/tasks/eap-tls_issue-certificate.yaml
@@ -105,7 +105,6 @@
   ansible.builtin.systemd:
     name: iwd.service
     enabled: false
-  failed_when: false
 
 - name: Remove deprecated NetworkManager config
   ansible.builtin.blockinfile: