diff --git a/src/core/lib/security/client_auth_filter.c b/src/core/lib/security/client_auth_filter.c
index b9e5bf03391d7f6f6f8ee0a1f997c24b40342652..af6073e560444ba72b8e46384d2765615be339da 100644
--- a/src/core/lib/security/client_auth_filter.c
+++ b/src/core/lib/security/client_auth_filter.c
@@ -172,7 +172,7 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx,
     calld->creds = grpc_composite_call_credentials_create(channel_call_creds,
                                                           ctx->creds, NULL);
     if (calld->creds == NULL) {
-      bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
+      bubble_up_error(exec_ctx, elem, GRPC_STATUS_INTERNAL,
                       "Incompatible credentials set on channel and call.");
       return;
     }
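Review bot: Using `GRPC_STATUS_INTERNAL` here, and for the host-check failure in `on_host_checked` in the next hunk, reports two security-policy rejections with the code that callers and monitoring usually read as a library fault. Both branches appear to fail closed, since each reports the error and does not continue the call on that path. That is the right behaviour, but a rejected `:authority` host or a channel/call credentials mismatch is something an operator will want to alert on separately from internal bugs. `GRPC_STATUS_UNAUTHENTICATED` would keep that distinction; if `INTERNAL` is deliberate, record the reason at each call site, e.g. `/* Credentials policy rejection; mapped to INTERNAL because <reason>. */`. Both functions start and end outside the hunks shown.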
@@ -201,7 +201,7 @@ static void on_host_checked(grpc_exec_ctx *exec_ctx, void *user_data,
     char *error_msg;
     gpr_asprintf(&error_msg, "Invalid host %s set in :authority metadata.",
                  grpc_mdstr_as_c_string(calld->host));
-    bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, error_msg);
+    bubble_up_error(exec_ctx, elem, GRPC_STATUS_INTERNAL, error_msg);
     gpr_free(error_msg);
   }
 }
diff --git a/src/core/lib/surface/secure_channel_create.c b/src/core/lib/surface/secure_channel_create.c
index dcb367023e257a9e831eddd767ad5d2144661984..b6f3504dc24605e3079b5ff28c4e5c029ef81e2f 100644
--- a/src/core/lib/surface/secure_channel_create.c
+++ b/src/core/lib/surface/secure_channel_create.c
@@ -267,7 +267,7 @@ grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
     gpr_log(GPR_ERROR, "Cannot set security context in channel args.");
     grpc_exec_ctx_finish(&exec_ctx);
     return grpc_lame_client_channel_create(
-        target, GRPC_STATUS_INVALID_ARGUMENT,
+        target, GRPC_STATUS_INTERNAL,
         "Security connector exists in channel args.");
   }
 
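Review bot: The log line and the status detail in this branch describe the same failure in different words (`"Cannot set security context in channel args."` vs `"Security connector exists in channel args."`), so a client-side status cannot be matched to the log entry by text. Judging by the detail string, the branch fires when the caller's channel args already carry a security connector, though the condition itself is outside the hunk. Now that this is reported as `GRPC_STATUS_INTERNAL`, a reader will assume a library fault, so the branch deserves a short comment such as `/* args already contain a security connector supplied by the caller; refuse rather than override it */`. Using one string for both the log and the detail would also help.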
@@ -276,8 +276,7 @@ grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
       GRPC_SECURITY_OK) {
     grpc_exec_ctx_finish(&exec_ctx);
     return grpc_lame_client_channel_create(
-        target, GRPC_STATUS_INVALID_ARGUMENT,
-        "Failed to create security connector.");
+        target, GRPC_STATUS_INTERNAL, "Failed to create security connector.");
   }
 
   connector_arg = grpc_security_connector_to_arg(&security_connector->base);
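Review bot: This failure path returns a lame channel without logging anything and without keeping the security status that the comparison against `GRPC_SECURITY_OK` rejected, unlike the preceding branch, which calls `gpr_log(GPR_ERROR, ...)`. With the code now the generic `GRPC_STATUS_INTERNAL`, the only trace of a failed connector creation is the detail string on every later call. Unless the callee already logs (not visible here), add `gpr_log(GPR_ERROR, "Failed to create security connector.");` before `grpc_exec_ctx_finish(&exec_ctx);`. The condition begins above the hunk.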
diff --git a/test/core/end2end/tests/bad_hostname.c b/test/core/end2end/tests/bad_hostname.c
index df3f6be431b53e2e7c84ffd72fed289e536347d5..e8c07ac41c7660aa229d8d719e8c1d66d235fc8a 100644
--- a/test/core/end2end/tests/bad_hostname.c
+++ b/test/core/end2end/tests/bad_hostname.c
@@ -152,7 +152,7 @@ static void simple_request_body(grpc_end2end_test_fixture f) {
   cq_expect_completion(cqv, tag(1), 1);
   cq_verify(cqv);
 
-  GPR_ASSERT(status == GRPC_STATUS_INVALID_ARGUMENT);
+  GPR_ASSERT(status == GRPC_STATUS_INTERNAL);
 
   gpr_free(details);
   grpc_metadata_array_destroy(&initial_metadata_recv);
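Review bot: The assertion pins only the status code, and `GRPC_STATUS_INTERNAL` is broad enough that this test would still pass if the call failed for some reason other than the host check. Since `details` is received and freed just below, the test can also confirm that the rejection came from the authority check, e.g. `GPR_ASSERT(details != NULL && strstr(details, "Invalid host") != NULL);`. That assumes `details` is a C string in this version and that `<string.h>` is included; the declaration is outside the hunk. It would make the test fail if the hostname check stopped firing and some other internal error took its place.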