MicrosoftMicrosoftAnd yet even after applying Jan & Feb cumulative updates to our Domain Controllers (and member servers):
A temporary registry control setting (RC4DefaultDisablementPhase) has been introduced, allowing organizations to optionally enable stricter behavior ahead of time
was not created.
Manually creating the registry setting and setting it to a value of '1' , did not achieve desired state, that is to audit the events 201,202,205,206,207 from the system event log. The events 203,204,208 and 209 will be logged starting from phase 2.
This contradicts the statement:
Why the January Update Matters (Even If Nothing Breaks Yet)
The audit events that have been introduced are your only early warning system to avoid Kerberos authentication failures, problems with legacy applications, and service accounts failing due to missing AES keys.
RC4DefaultDisablementPhase requires rebooting the Domain Controllers.. no idea if that is why is not working for you
Yes, Domain controllers all get rebooted as part of their Monthly Cumulative update patching, so therefore rebooted post Jan patch as well as February patching (and now March also) :(
