Re-authenticating under tailnet lock

When tailnet lock is enabled, each of your nodes stores tailnet-lock keys and other important data that should be preserved. As such, it's important to re-authenticate your existing nodes when they expire, rather than login again.

I got an error logging in, what should I do?

If you see the following error after attempting to login:

You have a locked tailnet and this machine has already been registered. Please either delete the machine from the admin console and retry, or switch back to the profile and reauth. https://tailscale.com/s/reauth-under-tailnet-lock

That means that your login would have overwritten an existing login on your device, resulting in the destruction of a tailnet lock key and a locked out node.

Instead, reauthenticate your existing login by switching back to it and re-authenticating:

tailscale switch <your-username>
tailscale up --force-reauth

If you did mean to overwrite your previous node with a new login, delete the machine from within the admin console before logging in again.