diff --git a/app/assets/javascripts/app/controllers/getting_started.coffee b/app/assets/javascripts/app/controllers/getting_started.coffee
index f3817117b..6fb2cd5cd 100644
--- a/app/assets/javascripts/app/controllers/getting_started.coffee
+++ b/app/assets/javascripts/app/controllers/getting_started.coffee
@@ -187,7 +187,7 @@ class Admin extends App.WizardFullScreen
 
     @html App.view('getting_started/admin')()
 
-    new App.ControllerForm(
+    @form = new App.ControllerForm(
       el:        @$('.js-admin-form')
       model:     App.User
       screen:    'signup'
@@ -208,9 +208,16 @@ class Admin extends App.WizardFullScreen
     )
     if errors
       @log 'error new', errors
+
+      # Only highlight, but don't add message. Error text breaks layout.
+      Object.keys(errors).forEach (key) ->
+        errors[key] = null
+
       @formValidate(form: e.target, errors: errors)
       @formEnable(e)
       return false
+    else
+      @formValidate(form: e.target, errors: errors)
 
     # save user
     user.save(
@@ -231,11 +238,10 @@ class Admin extends App.WizardFullScreen
 
       fail: (settings, details) =>
         @formEnable(e)
-        App.Event.trigger 'notify', {
-          type:    'error'
-          msg:     App.i18n.translateContent(details.error_human || 'Can\'t create user!')
-          timeout: 2500
-        }
+        if _.isArray(details.error)
+          @form.showAlert( App.i18n.translateInline( details.error[0], details.error[1] ) )
+        else
+          @form.showAlert(details.error_human || details.error || 'Unable to create user!')
     )
 
   relogin: (data, status, xhr) =>
diff --git a/app/assets/javascripts/app/controllers/signup.coffee b/app/assets/javascripts/app/controllers/signup.coffee
index ff3374c58..b4e8ad5b1 100644
--- a/app/assets/javascripts/app/controllers/signup.coffee
+++ b/app/assets/javascripts/app/controllers/signup.coffee
@@ -53,11 +53,19 @@ class Index extends App.ControllerContent
     errors = user.validate(
       screen: 'signup'
     )
+
     if errors
       @log 'error new', errors
+
+      # Only highlight, but don't add message. Error text breaks layout.
+      Object.keys(errors).forEach (key) ->
+        errors[key] = null
+
       @formValidate(form: e.target, errors: errors)
       @formEnable(e)
       return false
+    else
+      @formValidate(form: e.target, errors: errors)
 
     # save user
     user.save(
@@ -70,7 +78,7 @@ class Index extends App.ControllerContent
         if _.isArray(details.error)
           @form.showAlert( App.i18n.translateInline( details.error[0], details.error[1] ) )
         else
-          @form.showAlert(details.error_human || details.error || 'Unable to update object!')
+          @form.showAlert(details.error_human || details.error || 'Unable to create user!')
     )
 
   resend: (e) =>
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d8cd88313..e85a19dff 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -143,10 +143,7 @@ class UsersController < ApplicationController
       # check password policy
       if clean_params[:password].present?
         result = password_policy(clean_params[:password])
-        if result != true
-          render json: { error: result }, status: :unprocessable_entity
-          return
-        end
+        raise Exceptions::UnprocessableEntity, result if result != true
       end
 
       user = User.new(clean_params)
diff --git a/spec/system/setup/system_spec.rb b/spec/system/setup/system_spec.rb
index 782dc8764..97c33751c 100644
--- a/spec/system/setup/system_spec.rb
+++ b/spec/system/setup/system_spec.rb
@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe 'System setup process', type: :system, set_up: false do
+RSpec.describe 'System setup process', type: :system, set_up: false, authenticated_as: false do
 
   def fqdn
     match_data = %r{://(.+?)(:.+?|/.+?|)$}.match(app_host)
@@ -9,7 +9,7 @@ RSpec.describe 'System setup process', type: :system, set_up: false do
     raise "Unable to get fqdn based on #{app_host}"
   end
 
-  it 'Setting up a new system', authenticated_as: false do
+  it 'Setting up a new system' do
 
     if !ENV['MAILBOX_INIT']
       skip("NOTICE: Need MAILBOX_INIT as ENV variable like export MAILBOX_INIT='unittest01@znuny.com:somepass'")
@@ -110,4 +110,23 @@ RSpec.describe 'System setup process', type: :system, set_up: false do
       expect(page).to have_field('fqdn', with: fqdn)
     end
   end
+
+  # https://github.com/zammad/zammad/issues/3106
+  it 'Shows an error message if too weak password is filled in' do
+    visit '/'
+
+    click_on('Setup new System')
+
+    within('.js-admin') do
+      fill_in 'firstname',        with: 'Test Master'
+      fill_in 'lastname',         with: 'Agent'
+      fill_in 'email',            with: 'master@example.com'
+      fill_in 'password',         with: 'asd'
+      fill_in 'password_confirm', with: 'asd'
+
+      click_on('Create')
+
+      expect(page).to have_text 'Invalid password,'
+    end
+  end
 end