diff --git a/nomad/vault.go b/nomad/vault.go index 013f38be921..aa58522bb90 100644 --- a/nomad/vault.go +++ b/nomad/vault.go @@ -465,17 +465,18 @@ OUTER: case <-v.tomb.Dying(): return case <-retryTimer.C: - // Ensure the API is reachable - if !initStatus { - if _, err := v.clientSys.Sys().InitStatus(); err != nil { - v.logger.Warn("failed to contact Vault API", "retry", v.config.ConnectionRetryIntv, "error", err) - retryTimer.Reset(v.config.ConnectionRetryIntv) - continue OUTER - } - initStatus = true - } // Retry validating the token till success if err := v.parseSelfToken(); err != nil { + // if parsing token fails, try to distinguish legitimate token error from transient Vault initialization/connection issue + if !initStatus { + if _, err := v.clientSys.Sys().Health(); err != nil { + v.logger.Warn("failed to contact Vault API", "retry", v.config.ConnectionRetryIntv, "error", err) + retryTimer.Reset(v.config.ConnectionRetryIntv) + continue OUTER + } + initStatus = true + } + v.logger.Error("failed to validate self token/role", "retry", v.config.ConnectionRetryIntv, "error", err) retryTimer.Reset(v.config.ConnectionRetryIntv) v.l.Lock() @@ -484,6 +485,7 @@ OUTER: v.l.Unlock() continue OUTER } + break OUTER } } @@ -1239,7 +1241,7 @@ func (v *vaultClient) revokeDaemon() { case <-v.tomb.Dying(): return case now := <-ticker.C: - if established, _ := v.ConnectionEstablished(); !established { + if established, err := v.ConnectionEstablished(); !established || err != nil { continue } diff --git a/nomad/vault_test.go b/nomad/vault_test.go index 3f94d79446e..07ee66a6d43 100644 --- a/nomad/vault_test.go +++ b/nomad/vault_test.go @@ -1015,6 +1015,7 @@ func TestVaultClient_LookupToken_RateLimit(t *testing.T) { // Spin up many requests. These should block ctx, cancel := context.WithCancel(context.Background()) + defer cancel() cancels := 0 numRequests := 20 
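Review bot: The reachability probe added to the `parseSelfToken` failure branch discards the `Health()` response (`_, err :=`), so only a transport-level error counts as "Vault not ready". If the client's health call returns without error for a sealed or uninitialized server (worth confirming against the vendored API version), such a server sets `initStatus = true` and each later failure is logged at Error level as a token/role problem, which is the confusion the new comment says it wants to avoid. Consider keeping the response and checking it, e.g. `if h, healthErr := v.clientSys.Sys().Health(); healthErr != nil || !h.Initialized || h.Sealed {`, with the Warn line adjusted for a nil `healthErr`. A distinct name also removes the shadowing of the outer `err`, so it stays obvious which error each log line reports. The enclosing retry loop starts and ends outside this hunk.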
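Review bot: In `revokeDaemon`, the new `err != nil` case skips the tick silently, so whatever revocation work this loop does is deferred with nothing in the logs to explain why. While the connection error persists, tokens that should have been revoked presumably stay valid, and an operator would want to see that. Consider logging before the `continue`, e.g. `v.logger.Debug("skipping revocation pass, Vault connection not established", "error", err)`, or a Warn emitted only when the state changes, to avoid one line per tick. The rest of the `case now := <-ticker.C` body is outside this hunk.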
@@ -1028,7 +1029,7 @@ func TestVaultClient_LookupToken_RateLimit(t *testing.T) { cancels += 1 return } - t.Fatalf("self lookup failed: %v", err) + t.Errorf("self lookup failed: %v", err) return }
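Review bot: The switch from `t.Fatalf` to `t.Errorf` suggests this closure runs in goroutines started by the test, and if so two things around the changed line still need care. `cancels += 1` in the same closure would be an unsynchronized write from several goroutines, which `go test -race` reports; an `atomic.Int32` or a mutex around the counter fixes it. `t.Errorf` is also only safe while the test is still running, so the test should wait for every goroutine (a `sync.WaitGroup`, for example) before it returns. The closure and the loop that launches it are outside this hunk, so confirm against the full function.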