In the article titled "KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967" there is a lot of talk about the registry value KrbtgtFullPacSignature
However, there is no mention of whether this value needs to be manually created, or if it is supposed to have been automatically created in due course with the install of the appropriate Windows Updates.
Each of our Server 2016 Domain Controllers have seemingly never had the KrbtgtFullPacSignature registry value created and I'm starting to wonder why?
Each server has had its OS updates apply including the most recent update KB5028169 as mentioned as a requirement in CVE 2022 37967.
Why does the registry key not exist even though all the related updates are installed?