diff --git a/src/connection_string.ts b/src/connection_string.ts
index b282afc489..d63c7de4e5 100644
--- a/src/connection_string.ts
+++ b/src/connection_string.ts
@@ -403,7 +403,7 @@ export function parseOptions(
     ) {
       // If authSource was explicitly given and its incorrect, we error
       throw new MongoParseError(
-        `${mongoOptions.credentials} can only have authSource set to '$external'`
+        `authMechanism ${mongoOptions.credentials.mechanism} requires an authSource of '$external'`
       );
     }
 
diff --git a/test/unit/connection_string.test.ts b/test/unit/connection_string.test.ts
index 9a14efa459..4a33259bb9 100644
--- a/test/unit/connection_string.test.ts
+++ b/test/unit/connection_string.test.ts
@@ -237,6 +237,18 @@ describe('Connection String', function () {
     expect(options).to.not.have.property('credentials');
   });
 
+  for (const mechanism of ['GSSAPI', 'MONGODB-X509']) {
+    context(`when the authMechanism is ${mechanism} and authSource is NOT $external`, function () {
+      it('throws a MongoParseError', function () {
+        expect(() =>
+          parseOptions(`mongodb+srv://hostname/?authMechanism=${mechanism}&authSource=invalid`)
+        )
+          .to.throw(MongoParseError)
+          .to.match(/requires an authSource of '\$external'/);
+      });
+    });
+  }
+
   it('should omit credentials and not throw a MongoAPIError if the only auth related option is authSource', async () => {
     // The error we're looking to **not** see is
     // `new MongoInvalidArgumentError('No AuthProvider for ${credentials.mechanism} defined.')`