diff --git a/crates/oci/src/auth.rs b/crates/oci/src/auth.rs
index 6a1a782eb9..96731546c6 100644
--- a/crates/oci/src/auth.rs
+++ b/crates/oci/src/auth.rs
@@ -50,7 +50,7 @@ impl AuthConfig {
         Ok(())
     }
 
-    fn default_path() -> Result<PathBuf> {
+    pub(crate) fn default_path() -> Result<PathBuf> {
         Ok(dirs::config_dir()
             .context("Cannot find configuration directory")?
             .join("fermyon")
diff --git a/crates/oci/src/client.rs b/crates/oci/src/client.rs
index 2aad53fa39..582a989d95 100644
--- a/crates/oci/src/client.rs
+++ b/crates/oci/src/client.rs
@@ -490,7 +490,9 @@ impl Client {
         // First, validate the credentials. If a user accidentally enters a wrong credential set, this
         // can catch the issue early rather than getting an error at the first operation that needs
         // to use the credentials (first time they do a push/pull/up).
-        Self::validate_credentials(&server, &username, &password).await?;
+        if let Err(_) = Self::validate_credentials(&server, &username, &password).await {
+            tracing::error!("Cannot validate regsitry credentials. The server does not accept this operation, or the credentials might be wrong. Adding the credentials to the configuration and attempting to use them in future registry operations. You can check the registries spin is logged in at {:?}", AuthConfig::default_path()?);
+        }
 
         // Save an encoded representation of the credential set in the local configuration file.
         let mut auth = AuthConfig::load_default().await?;