Forum Discussion
Promoted Windows Server 2019 to DC, getting many Event ID 37 errors
Yes, install the latest SSU,
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005112
followed by the latest cumulative updates
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5008218
Patch all the domain controllers as a first step. Then each user will get the new improved authentication information PACs of Kerberos Ticket-Granting Tickets (TGT) described in the KB.
Then it looks like you may get one warning for every user.
https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
***Adds the new PAC to users who authenticated using an Active Directory domain controller that has the November 9, 2021 or later updates installed. When authenticating, if the user has the new PAC, the PAC is validated.***
The ***PacRequestorEnforcement*** registry value's only function is to allow you to transition to the Enforcement phase early. Otherwise it is not needed.
--please don't forget to upvote and Accept as answer if the reply is helpful--
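A way to see, per domain controller, where the rollout described in the answer above stands: OS version, whether PacRequestorEnforcement has been set, and how many Event ID 37 entries the KDC logged recently. This is an added example, not part of the thread. It assumes the ActiveDirectory module, remote read access to each DC's System log and registry, the KDC registry path given in KB5008380 (the thread does not state it), and a 7-day window chosen for illustration.

```powershell
# Added example: per-DC summary of OS version, PacRequestorEnforcement and KDC Event ID 37.
# Assumptions: ActiveDirectory module present; Remote Registry and remote event log
# access work against every DC; the caller has rights to read both.
Import-Module ActiveDirectory

$kdcKey   = 'SYSTEM\CurrentControlSet\Services\Kdc'   # path per KB5008380, not from the thread
$provider = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
$since    = (Get-Date).AddDays(-7)                    # look-back window chosen for this example

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # The registry value is absent unless an administrator created it.
    $enforcement = '(not set)'
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $dc.HostName)
        $key  = $hklm.OpenSubKey($kdcKey)
        if ($key) {
            $value = $key.GetValue('PacRequestorEnforcement')
            if ($null -ne $value) { $enforcement = $value }
            $key.Close()
        }
        $hklm.Close()
    } catch { $enforcement = "unreadable: $($_.Exception.Message)" }

    # Get-WinEvent raises an error when nothing matches, so treat that case as zero events.
    $events = @()
    $note   = ''
    try {
        $events = @(Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName = 'System'; ProviderName = $provider; Id = 37; StartTime = $since })
    } catch {
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { $note = $_.Exception.Message }
    }

    [pscustomobject]@{
        DomainController        = $dc.HostName
        OperatingSystem         = $dc.OperatingSystem
        OSVersion               = $dc.OperatingSystemVersion
        PacRequestorEnforcement = $enforcement
        Event37Count            = $events.Count
        # Get-WinEvent returns newest first, so index 0 is the most recent entry.
        LatestEvent37           = if ($events.Count) { $events[0].TimeCreated } else { $null }
        Note                    = $note
    }
}

$report | Sort-Object Event37Count -Descending | Format-Table -AutoSize
```

A DC that shows an older OS version alongside the others is the one to check against the "patch all the domain controllers" step, since the new PAC is only added by DCs that have the November 9, 2021 or later updates.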
Both of those are already installed on the 2019 server.
When I go to the 2008 DC and check Windows Updates there is only one (1) that is needed: It is a Windows Malicious Software Removal Tools x64 KB890830.