I have a work laptop that I don’t actually use that often. For security reasons, we can only VPN in from a company-controlled machine, though, so if I want to be able to VPN in from home at all, I need a company-issued laptop.
I try to remember to bring it in to work with me at least once a month, so I can log in to my domain account, pull down Windows Updates, virus definitions, and so on. Well, when I brought it in recently, I noticed that it wasn’t pulling down any updates, and hadn’t since July. So I started troubleshooting. It turns out that Windows Update is still pretty opaque (though there is a log file you can look at). I found a lot of advice about how to kick-start the update process and get it going again, but I didn’t find anything that applied to my situation and worked.
Eventually, I gave up and sent an email to our help desk. Now, obviously, this isn’t a critical issue, so I didn’t get a quick response. But I did get a response eventually, with a question, which I answered. Then, when I didn’t get any follow-up response, and I had a little downtime, I decided to poke around a bit more. (That was probably a mistake.)
I saw in the update history that a few updates had failed back in June. There were some successful ones in July, though, so I wasn’t sure that was the problem. But I decided that maybe rolling back to a system restore point from back in June might get me back to a stable point, from which I could get updates going again.
I did that, but then found myself getting this exciting error message: “The trust relationship between this workstation and the primary domain failed.” So rolling back so far basically broke the link between the laptop and Active Directory. When I searched for that error, I was surprised to see a recent blog post from Raymond Chen about it. His blog often has some interesting and fun stuff on it. And the comments are often pretty interesting too.
I was pretty sure I wouldn’t have adequate rights to remove and re-join my laptop from our domain, so I handed it off to one of our support techs, so now it’s his problem, but I feel a little guilty about it for some reason. It feels kind of weird to be working for an organization where I don’t have admin rights to anything, after my long stint at a previous employer, where I had admin rights to everything. Here, I can’t join a machine to a domain, nor can I look at our WSUS server to see what’s going on. But, heck, I probably shouldn’t be messing with that stuff anyway at this stage in my career, right?