diff --git a/integration/auth_web_flow_test.go b/integration/auth_web_flow_test.go
index c9dda617..70ba0c26 100644
--- a/integration/auth_web_flow_test.go
+++ b/integration/auth_web_flow_test.go
@@ -222,11 +222,12 @@ func (s *AuthWebFlowScenario) CreateHeadscaleEnv(
 func (s *AuthWebFlowScenario) runTailscaleUp(
 	userStr, loginServer string,
 ) error {
-	log.Printf("running tailscale up for user %s", userStr)
+	log.Printf("running tailscale up for user %q", userStr)
 	if user, ok := s.users[userStr]; ok {
 		for _, client := range user.Clients {
 			c := client
 			user.joinWaitGroup.Go(func() error {
+				log.Printf("logging %q into %q", c.Hostname(), loginServer)
 				loginURL, err := c.LoginWithURL(loginServer)
 				if err != nil {
 					log.Printf("failed to run tailscale up (%s): %s", c.Hostname(), err)
diff --git a/integration/tsic/tsic.go b/integration/tsic/tsic.go
index 1ffd6b28..c2cb8515 100644
--- a/integration/tsic/tsic.go
+++ b/integration/tsic/tsic.go
@@ -466,7 +466,7 @@ func (t *TailscaleInContainer) Login(
 // This login mechanism uses web + command line flow for authentication.
 func (t *TailscaleInContainer) LoginWithURL(
 	loginServer string,
-) (*url.URL, error) {
+) (loginURL *url.URL, err error) {
 	command := []string{
 		"tailscale",
 		"up",
@@ -480,6 +480,12 @@ func (t *TailscaleInContainer) LoginWithURL(
 		return nil, errTailscaleCannotUpWithoutAuthkey
 	}
 
+	defer func() {
+		if err != nil {
+			log.Printf("join command: %q", strings.Join(command, " "))
+		}
+	}()
+
 	urlStr := strings.ReplaceAll(stdout+stderr, "\nTo authenticate, visit:\n\n\t", "")
 	urlStr = strings.TrimSpace(urlStr)
 
@@ -488,11 +494,8 @@ func (t *TailscaleInContainer) LoginWithURL(
 	}
 
 	// parse URL
-	loginURL, err := url.Parse(urlStr)
+	loginURL, err = url.Parse(urlStr)
 	if err != nil {
-		log.Printf("Could not parse login URL: %s", err)
-		log.Printf("Original join command result: %s", stderr)
-
 		return nil, err
 	}