Push and image to Azure Container Registry task in Azure DevOps pipeline fails. Previous tasks are executed fine ie. docker image is created and login to ACR is successful. However, push-task fails with the following result:

unauthorized: authentication required
[error]unauthorized: authentication required
[error]/usr/bin/docker failed with return code: 1
[section]Finishing: Push Docker image

docker push to that given acr works fine from local command line.

# Docker image
# Build a Docker image to deploy, run, or push to a container registry.
# Add steps that use Docker Compose, tag images, push to a registry, run an image, and more:
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker

trigger:
- master

pool:
  vmImage: 'Ubuntu-16.04'

variables:
  imageName: 'renamed:$(build.buildId)'
  azureSubscriptionEndpoint: Renamed
  azureContainerRegistry: renamed.azurecr.io
steps: 
- task: Docker@1
  displayName: Build docker image
  inputs:
    command: Build an image
    dockerFile: Dockerfile
    imageName: $(imageName)
    containerregistrytype: Azure Container Registry
    azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
    azureContainerRegistry: $(azureContainerRegistry)
- task: Docker@1
  displayName: Login to container registry
  inputs:
    command: login
    containerregistrytype: Azure Container Registry
    azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
    azureContainerRegistry: $(azureContainerRegistry)
    dockerFile: Dockerfile
    imageName: $(imageName)
- task: Docker@1
  displayName: Push Docker image
  inputs:
    command: Push an image
    containerregistrytype: Azure Container Registry
    azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
    azureContainerRegistry: $(azureContainerRegistry)
    imageName: $(imageName)

remove the docker login step from your build, docker tasks handle auth for you using azure subscription endpoint (if it is properly configured), if not - give your service principal permissions to acrpush).

I had the same issue when I used an Azure Container Registry Service Connection in Azure DevOps.

The work around was to not choose ‘Azure Container Registry’ when creating the Docker Registry Service Connection and to instead choose ‘Others’. Then in the Azure Portal enable admin user on your container registry and use the credentials from that to create the service connection.

I had this issue when pushing a docker image to Azure Container Registry.

I get the error

unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.

Here's how I fixed it:

My user already had the Owner role to the Container Registry so I had the permission to push and pull images.

The issue was that the admin_user was not enabled in the Azure Container Registry.

All I had to do was to enable the admin user. This generates a username, password, and password2.

Next, you can log in now to Azure Container Registry using the command:

az acr login --name my-container-registry

Tag your docker image

docker tag image-name:image-tag my-container-registry.azurecr.io/image-name:image-tag

And now push image to Azure Container Registry using the command:

docker push my-container-registry.azurecr.io/image-name:image-tag

That's all

remove the docker login step from your build, docker tasks handle auth for you using azure subscription endpoint (if it is properly configured), if not - give your service principal permissions to acrpush).

Case sensitive issue

I created an ACR name: blaH

I can login: az acr login -n blaH

Uppercase characters are detected in the registry name. When using its server url in docker commands, to avoid authentication errors, use all lowercase.
Login Succeeded

docker build -f Dockerfile -t blaH.azurecr.io/some-app:1.0 ..

unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.

switch to lowercase h, i.e. docker build -f Dockerfile -t blah.azurecr.io/some-app:1.0 .. & success 🎉:

1.0: digest: sha256:b1e6749eae625e6a3fca3eea36466530460e8cd544af67e88687139a37522ba6 size: 1495

note: it even tells me/us but I wasn't reading it 🤦‍♂️, see the warning printed in yellow in the CLI on acr login.

note 2: I stumbled upon this on reviewing the azure portal & notice the login server was all lowercase:

I had the same issue. I just deleted and recreated the ACR but this time I checked the admin user option before the ACR created.

Then:

az acr login --name myacrname


docker tag localImageName:<Tag> myacrname.azurecr.io/localImageName:<Tag>
docker push myacrname.azurecr.io/localImageName:<Tag>

• If tag=latest you can remove the tag

If successfully pushed you can see it in azure - repositories

Go to Project Settings --> Service connection --> Edit --> revalidate the permission

should fix the problem

In my case I am tagging my images with 433.

ex: <containerRegistryName>.azurecr.io:443/<imageName>

after removing the 433, and tried to push again, it succeeded!

I had to drop sudo on my final command as nothing was working for me:

docker push acrname.azurecr.io/image:version

only putting it here cause it MIGHT help someone who was as dumb as me.

i had an errant extra space at the end of by registry href so i meant to have

https://example.com

but had

https://example.com <--notice the space

since the task matches on exact href...no match, thus no auth token :(

I had a similar issue on my Ubuntu WSL2. I solved this problem by eliminating the necessity for using sudo with docker command by adding the current user to the Docker group. That's

sudo usermod -aG docker $USER

Ensure that your Azure Container Registry and AKS Cluster are properly integrated. I encountered the same issue.