diff --git a/keystoneauth1/identity/generic/base.py b/keystoneauth1/identity/generic/base.py
index 4cbfbe36..e920cdc8 100644
--- a/keystoneauth1/identity/generic/base.py
+++ b/keystoneauth1/identity/generic/base.py
@@ -119,7 +119,10 @@ class BaseGenericPlugin(base.BaseIdentityPlugin):
             url_parts = urlparse.urlparse(self.auth_url)
             path = url_parts.path.lower()
 
-            if path.startswith('/v2.0') and not self._has_domain_scope:
+            if path.startswith('/v2.0'):
+                if self._has_domain_scope:
+                    raise exceptions.DiscoveryFailure(
+                        'Cannot use v2 authentication with domain scope')
                 plugin = self.create_plugin(session, (2, 0), self.auth_url)
             elif path.startswith('/v3'):
                 plugin = self.create_plugin(session, (3, 0), self.auth_url)
@@ -127,6 +130,7 @@ class BaseGenericPlugin(base.BaseIdentityPlugin):
         else:
             disc_data = disc.version_data()
 
+            v2_with_domain_scope = False
             for data in disc_data:
                 version = data['version']
 
@@ -134,6 +138,7 @@ class BaseGenericPlugin(base.BaseIdentityPlugin):
                         self._has_domain_scope):
                     # NOTE(jamielennox): if there are domain parameters there
                     # is no point even trying against v2 APIs.
+                    v2_with_domain_scope = True
                     continue
 
                 plugin = self.create_plugin(session,
@@ -143,6 +148,9 @@ class BaseGenericPlugin(base.BaseIdentityPlugin):
 
                 if plugin:
                     break
+            if not plugin and v2_with_domain_scope:
+                raise exceptions.DiscoveryFailure(
+                    'Cannot use v2 authentication with domain scope')
 
         if plugin:
             return plugin
diff --git a/keystoneauth1/identity/generic/password.py b/keystoneauth1/identity/generic/password.py
index 439553a0..a24fde22 100644
--- a/keystoneauth1/identity/generic/password.py
+++ b/keystoneauth1/identity/generic/password.py
@@ -12,6 +12,7 @@
 
 from keystoneauth1 import _utils as utils
 from keystoneauth1 import discover
+from keystoneauth1 import exceptions
 from keystoneauth1.identity.generic import base
 from keystoneauth1.identity import v2
 from keystoneauth1.identity import v3
@@ -44,8 +45,8 @@ class Password(base.BaseGenericPlugin):
     def create_plugin(self, session, version, url, raw_status=None):
         if discover.version_match((2,), version):
             if self._user_domain_id or self._user_domain_name:
-                # If you specify any domain parameters it won't work so quit.
-                return None
+                raise exceptions.DiscoveryFailure(
+                    'Cannot use v2 authentication with domain scope')
 
             return v2.Password(auth_url=url,
                                user_id=self._user_id,
diff --git a/keystoneauth1/tests/unit/auth/test_password.py b/keystoneauth1/tests/unit/auth/test_password.py
index 33d44258..d06e4f79 100644
--- a/keystoneauth1/tests/unit/auth/test_password.py
+++ b/keystoneauth1/tests/unit/auth/test_password.py
@@ -41,6 +41,16 @@ class PasswordTests(utils.GenericPluginTestCase):
         self.stub_discovery(v3=False)
         self.assertDiscoveryFailure(user_domain_id=uuid.uuid4().hex)
 
+    def test_v3_domain_params_v2_url(self):
+        self.stub_discovery(v3=False)
+        self.assertDiscoveryFailure(domain_id=uuid.uuid4().hex)
+
+    def test_v3_disocovery_failure_v2_url(self):
+        auth_url = self.TEST_URL + 'v2.0'
+        self.stub_url('GET', json={}, base_url='/v2.0', status_code=500)
+        self.assertDiscoveryFailure(domain_id=uuid.uuid4().hex,
+                                    auth_url=auth_url)
+
     def test_options(self):
         opts = [o.name for o in generic.Password().get_options()]