diff --git a/.changelog/4153.txt b/.changelog/4153.txt
index 21a1869733..3a42a23e4b 100644
--- a/.changelog/4153.txt
+++ b/.changelog/4153.txt
@@ -1,3 +1,3 @@
 ```release-note:bug
-terminating-gateway: Fix generated acl policy for external services to include the namespace and parition block if they are enabled.
+terminating-gateway: Fix generated acl policy for external services to include the namespace and partition block if they are enabled.
 ```
diff --git a/control-plane/catalog/registration/cache.go b/control-plane/catalog/registration/cache.go
index 4906bc29be..357a59b33c 100644
--- a/control-plane/catalog/registration/cache.go
+++ b/control-plane/catalog/registration/cache.go
@@ -158,7 +158,7 @@ func (c *RegistrationCache) run(log logr.Logger, namespace string) {
 if err := c.k8sClient.Get(c.ctx, types.NamespacedName{Name: svc, Namespace: namespace}, registration); err != nil {
 if !k8serrors.IsNotFound(err) {
- log.Error(err, "unable to get registration", "svcName", svc)
+ log.Error(err, "unable to get registration", "svcName", svc, "namespace", namespace)
 }
 continue
 }
@@ -263,6 +263,7 @@ func (c *RegistrationCache) updateTermGWACLRole(log logr.Logger, registration *v
 return err
 }
+ // we don't need to include the namespace/partition here because all roles and policies are created in the default namespace for consul-k8s managed resources.
 writeOpts := &capi.WriteOptions{}
 if existingPolicy == nil {
@@ -335,8 +336,8 @@ func (c *RegistrationCache) removeTermGWACLRole(log logr.Logger, registration *v
 var mErr error
 for _, termGW := range termGWsToUpdate {
+ // we don't need to include the namespace/partition here because all roles and policies are created in the default namespace for consul-k8s managed resources.
 queryOpts := &capi.QueryOptions{}
- writeOpts := &capi.WriteOptions{}
 roles, _, err := client.ACL().RoleList(queryOpts)
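Review bot: The comment added above `writeOpts := &capi.WriteOptions{}` in updateTermGWACLRole names "namespace/partition" but justifies only the namespace, so a reader cannot tell which partition the policy and role writes land in. With empty options the request presumably falls back to whatever namespace and partition the client was configured with, and that configuration is not visible in this hunk; since these writes decide the scope of the terminating-gateway ACL policy, the comment should state the invariant for both. Something like `// Namespace and partition are left unset on purpose: consul-k8s creates its roles and policies in the default namespace, and the partition comes from the client config.` would do, if that is in fact the case. The same comment is added above `queryOpts` in removeTermGWACLRole and needs the same wording; both function bodies extend beyond their hunks.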