diff --git a/bin/startagent b/bin/startagent index 784ecd7..9f17475 100755 --- a/bin/startagent +++ b/bin/startagent @@ -291,16 +291,19 @@ agent_load_identity_keys () { #[ -e "${P11M-x}" ] || [ "$(readlink - f $key)" == "$P11M" ] || key="$P11M" #[ "$(readlink - f $key)" == "$P11M" ] || key="$P11M" [ "$(readlink -f $key)" != "$PKCS11_MODULE" -a "${PKCS11_MODULE:-x}" != "x" ] && key="$PKCS11_MODULE" + export PKCS11_MODULE=$(readlink -f $key) + export P11M=$PKCS11_MODULE logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set} - key: $key" - grep "export PKCS11_MODULE" ${agentfile} && sed -e '/export PKCS11_MODULE/d' ${agentfile} - echo "export PKCS11_MODULE=$(readlink -f $key)" | tee -a "${agentfile}" + grep -q "PKCS11_MODULE" "${agentfile}" >/dev/null 2>&1 && sed -i -e '/PKCS11_MODULE/d' "${agentfile}" + echo "PKCS11_MODULE=$(readlink -f $key)" | tee -a "${agentfile}" tokenfingerprints=($(ssh-keygen -l -D $key|tr -s ' '|awk '{print $2}')) logtrace "fingerprints: ${fingerprints[*]}" logtrace "tokenfingerprints count: ${#tokenfingerprints[@]}" if [ ${#tokenfingerprints[@]} -gt 1 ]; then - logerr "Found ${#tokenfingerprints[@]} in p11-kit-proxy! Check if only one token is plugged into your computer" + logerr "Found ${#tokenfingerprints[@]} in $key! Check if only one token is plugged into your computer" + else tokenfingerprint=${tokenfingerprints[0]} logtrace "tokenfingerprint: ${tokenfingerprint}" @@ -310,7 +313,7 @@ agent_load_identity_keys () { if $readd || $remove ; then $readd && logdebug "re-add token $key" $remove && logdebug "remove token $key" - echo agentfile1 $agentfile \$SSH_ADD_OPTIONS $key >&2 + logtrace "agentfile1 $agentfile \$SSH_ADD_OPTIONS $key " logdebug "$(ssh_runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -e "${key}" 2>&1)" ssh_runinagent $agentfile echo $SSH_AUTH_SOCK >&2 $remove || logdebug "$(ssh_runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s "${key}" 2>&1)" 
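Review bot: In the `@@ -291,16 +291,19 @@` hunk the resolved module path is appended to `${agentfile}` unquoted (`echo "PKCS11_MODULE=$(readlink -f $key)" | tee -a "${agentfile}"`), and `$key` is unquoted in both new `readlink -f` calls. A path containing spaces or shell metacharacters is therefore word-split before it is resolved and, if the agent file is later sourced (not visible in this hunk), parsed again by the shell. Because this value names the PKCS#11 library handed to `ssh-keygen -D`, I would resolve it once with a status check and store it shell-quoted: `PKCS11_MODULE=$(readlink -f -- "$key") || return 1; export PKCS11_MODULE`, then `printf 'PKCS11_MODULE=%q\n' "$PKCS11_MODULE" >>"$agentfile"`. The widened delete pattern `/PKCS11_MODULE/d` also removes any line that merely contains that substring; `/^\(export \)\{0,1\}PKCS11_MODULE=/d` would limit it to the assignment in either the old or the new form. `agent_load_identity_keys` starts and ends outside the hunk.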
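Review bot: In the `@@ -310,7 +313,7 @@` hunk the new `logtrace` call keeps the escaped `\$SSH_ADD_OPTIONS` from the old `echo`, so the trace shows the literal variable name rather than the options actually passed to `ssh-add`, and the message ends with a stray space. If the value is what is wanted, `logtrace "agentfile1 $agentfile ${SSH_ADD_OPTIONS} $key"` logs it. The context line `ssh_runinagent $agentfile echo $SSH_AUTH_SOCK >&2` two lines further down still prints the agent socket path to stderr unconditionally; it looks like the same kind of leftover debug output and could go through `logtrace` as well.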
@@ -338,6 +341,8 @@ agent_load_identity_keys () {
 function check_pubkeysonly () {
 if [ ${#pubkeysonly[*]} -gt 0 ] ; then
 for p in ${pubkeysonly[@]}; do
+ logtrace "pubkeyonly: $p"
+ logtrace "$(ssh_runinagent $agentfile ssh-add -T ${p} 2>&1)"
 ssh_runinagent $agentfile ssh-add -T ${p} 2>&1 || { $remove || readd=true; break; }
 done
 else
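Review bot: The added `logtrace "$(ssh_runinagent $agentfile ssh-add -T ${p} 2>&1)"` runs `ssh-add -T` a second time for every public key purely to produce trace text, and does so whether or not trace logging is enabled. `ssh-add -T` performs a sign-and-verify with the private key, so with a hardware token each key is exercised twice per loop iteration, which can mean a second PIN or touch prompt. Running it once and reusing the result avoids that: `out=$(ssh_runinagent $agentfile ssh-add -T "${p}" 2>&1); rc=$?`, `logtrace "$out"`, `[ $rc -eq 0 ] || { $remove || readd=true; break; }`, with `out` and `rc` declared `local`. This stops the command's output from reaching stdout directly, so confirm no caller depends on that. The body of `check_pubkeysonly` continues past the end of the hunk.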