diff --git a/lib/components/peer-olm-session-creator-provider.react.js b/lib/components/peer-olm-session-creator-provider.react.js
--- a/lib/components/peer-olm-session-creator-provider.react.js
+++ b/lib/components/peer-olm-session-creator-provider.react.js
@@ -4,6 +4,7 @@
 import * as React from 'react';
 
 import { useOlmDebugLogs } from './debug-logs-context.js';
+import { useGetAndUpdateDeviceListsForUsers } from '../hooks/peer-list-hooks.js';
 import { getPeersDeadDeviceIDs } from '../selectors/user-selectors.js';
 import { IdentityClientContext } from '../shared/identity-client-context.js';
 import { useTunnelbroker } from '../tunnelbroker/tunnelbroker-context.js';
@@ -43,6 +44,7 @@
   const olmDebugLog = useOlmDebugLogs();
 
   const deadDevices = useSelector(getPeersDeadDeviceIDs);
+  const refetchDeviceList = useGetAndUpdateDeviceListsForUsers();
 
   const createOlmSessionsWithUserCallback = React.useCallback(
     async (
@@ -62,7 +64,7 @@
 
       const promise = (async () => {
         const authMetadata = await getAuthMetadata();
-        await createOlmSessionsWithUser(
+        const { deviceKeysMissing } = await createOlmSessionsWithUser(
           authMetadata,
           identityClient,
           sendMessageToDevice,
@@ -72,6 +74,17 @@
           olmDebugLog,
         );
 
+        // if keys for some devices were missing, refetch device list
+        // from Identity
+        if (deviceKeysMissing) {
+          void refetchDeviceList([userID]).catch(err => {
+            console.warn(
+              `Failed to refetch device list for user ${userID}:`,
+              err,
+            );
+          });
+        }
+
         for (const request of filteredDevices) {
           runningPromises.current[userID][request.deviceID] = null;
         }
@@ -96,6 +109,7 @@
       identityClient,
       olmDebugLog,
       sendMessageToDevice,
+      refetchDeviceList,
     ],
   );
 
diff --git a/lib/utils/crypto-utils.js b/lib/utils/crypto-utils.js
--- a/lib/utils/crypto-utils.js
+++ b/lib/utils/crypto-utils.js
@@ -117,6 +117,9 @@
   +deviceID: string,
   +sessionCreationOptions?: SessionCreationOptions,
 };
+export type SessionCreationResult = {
+  +deviceKeysMissing: boolean,
+};
 async function createOlmSessionsWithUser(
   authMetadata: AuthMetadata,
   identityClient: IdentityServiceClient,
@@ -125,7 +128,7 @@
   devices: $ReadOnlyArray<DeviceSessionCreationRequest>,
   source: 'session_reset' | 'session_not_exists',
   olmDebugLog: (olmLog: OlmDebugLog) => mixed,
-): Promise<void> {
+): Promise<SessionCreationResult> {
   const { olmAPI } = getConfig();
   await olmAPI.initializeCryptoAccount();
 
@@ -138,6 +141,8 @@
     throw new Error('CommServicesAuthMetadata is missing');
   }
 
+  let deviceKeysMissing = false;
+
   const filteredDevices: $ReadOnlyArray<{
     +deviceID: string,
     +hasContentSession: boolean,
@@ -174,7 +179,7 @@
     device => !device.hasContentSession || !device.hasNotifsSession,
   );
   if (!sessionCreationNeeded) {
-    return;
+    return { deviceKeysMissing };
   }
 
   const deviceIDsToFetch = filteredDevices.map(device => device.deviceID);
@@ -195,6 +200,7 @@
 
       if (!deviceKeysResponse || !deviceKeysResponse.keys) {
         resultDescription = `Keys missing for device ${deviceID}`;
+        deviceKeysMissing = true;
         return;
       }
       const { keys } = deviceKeysResponse;
@@ -274,6 +280,7 @@
     }
   });
   await Promise.all(devicePromises);
+  return { deviceKeysMissing };
 }
 
 export {