diff --git a/src/routes/test/backups-test.js b/src/routes/test/backups-test.js
index b4800afb5..3aee92165 100644
--- a/src/routes/test/backups-test.js
+++ b/src/routes/test/backups-test.js
@@ -37,7 +37,7 @@ describe('Backups API', function () {
         const response = await superagent.get(`${serverUrl}/api/v1/backup_sites/${site.id}/backups`)
             .query({ access_token: admin.token });
         expect(response.status).to.equal(200);
-        expect(response.body.backups.length).to.be(1);
+        expect(response.body.backups.length).to.be(2); // this contains the box & mail backup, should it?
     });
 
 
diff --git a/src/routes/test/common.js b/src/routes/test/common.js
index 8e6d623c3..b1cb97134 100644
--- a/src/routes/test/common.js
+++ b/src/routes/test/common.js
@@ -140,14 +140,22 @@ async function setup() {
     const scope1 = nock(await appstore.getApiServerOrigin())
         .post('/api/v1/register_cloudron3', (body) => typeof body.domain === 'string' && typeof body.version === 'string')
         .reply(201, { cloudronId: 'cid', cloudronToken: 'CLOUDRON_TOKEN' });
+
+    const scope2 = nock(await appstore.getApiServerOrigin())
+        .post('/api/v1/subscription3?accessToken=CLOUDRON_TOKEN', (body) => typeof body.state === 'object' && typeof body.state.userCount === 'number')
+        .reply(200, { features: {} });
+
     response = await superagent.post(`${serverUrl}/api/v1/provision/activate`)
         .query({ setupToken: 'somesetuptoken' })
-        .send({ username: owner.username, password: owner.password, email: owner.email });
+        .send({ username: owner.username, password: owner.password, email: owner.email })
+        .ok(() => true);
     expect(response.status).to.eql(201);
     owner.token = response.body.token;
     owner.id = response.body.userId;
     expect(scope1.isDone()).to.be.ok();
     scope1.persist(false);
+    expect(scope2.isDone()).to.be.ok();
+    scope2.persist(false);
 
     // create an admin
     response = await superagent.post(`${serverUrl}/api/v1/users`)
diff --git a/src/routes/test/provision-test.js b/src/routes/test/provision-test.js
index 9608a58b9..1174681bb 100644
--- a/src/routes/test/provision-test.js
+++ b/src/routes/test/provision-test.js
@@ -122,21 +122,31 @@ describe('Provision', function () {
     });
 
     describe('Activation', function () {
-        let scope1, scope2;
+        let scope1, scope2, scope3;
+
         before(async function () {
+            // IMPORTANT: a quirk in provision is that it always registers cloudron even before validation of the owner fields (like username)
+            // this means that fail tests below call the appstore API many times and thus the times(1000)
             scope1 = nock(await appstore.getApiServerOrigin())
                 .post('/api/v1/register_cloudron3', (body) => typeof body.domain === 'string' && typeof body.version === 'string')
                 .times(1000)
                 .reply(201, { cloudronId: '32', cloudronToken: 'xx' });
 
             scope2 = nock(await appstore.getApiServerOrigin())
+                .post('/api/v1/subscription3?accessToken=xx', (body) => typeof body.state === 'object' && typeof body.state.userCount === 'number')
+                .times(1000)
+                .reply(200, { features: {} });
+
+            scope3 = nock(await appstore.getApiServerOrigin())
                 .post('/api/v1/update_cloudron?accessToken=xx', (body) => typeof body.domain === 'string' && typeof body.version === 'string')
                 .times(1000)
                 .reply(200, {});
         });
+
         after(function () {
             scope1.persist(false);
             scope2.persist(false);
+            scope3.persist(false);
             nock.cleanAll();
         });
 
@@ -169,8 +179,6 @@ describe('Provision', function () {
                 .send({ username: '', password: owner.password, email: owner.email })
                 .ok(() => true);
 
-                console.log(response.body);
-
             expect(response.status).to.eql(400);
         });
 
diff --git a/src/test/provision-test.js b/src/test/provision-test.js
index 21ca32b19..3e893b21e 100644
--- a/src/test/provision-test.js
+++ b/src/test/provision-test.js
@@ -55,9 +55,16 @@ describe('Provision', function () {
                 .post('/api/v1/register_cloudron3', (body) => typeof body.domain === 'string' && typeof body.version === 'string')
                 .reply(201, { cloudronId: '32', cloudronToken: 'xx' });
 
+            const scope2 = nock(await appstore.getApiServerOrigin())
+                .post('/api/v1/subscription3?accessToken=xx', (body) => typeof body.state === 'object' && typeof body.state.userCount === 'number')
+                .reply(200, { features: {} });
+
             await provision.activate('username', 'password', 'test@cloudron.io', 'Some Name', '1.2.3.4', auditSource);
             expect(scope1.isDone()).to.be.ok();
             scope1.persist(false);
+
+            expect(scope2.isDone()).to.be.ok();
+            scope2.persist(false);
         });
     });
 });