Sign in Subscribe

Remove Web Application Proxy Server From Cluster 【Trusted | 2025】

$proxy = Get-AdfsProxy -Name "wap-node-01.contoso.com" Remove-AdfsProxy -TargetProxy $proxy If you skip Step 2, the ADFS server will still attempt to send "relying party trust" updates to the removed proxy, causing event ID 364 and proxy sync timeouts in the event log. Scenario B: NGINX Reverse Proxy Cluster Assuming you have an active-passive or active-active cluster managed via a configuration management tool (Ansible, Puppet) or shared storage.

# For Windows WAP Get-WebApplicationProxyApplication | Select-Object ExternalURL, BackendServerURL, ExternalCertificateThumbprint If your cluster sits behind a hardware or software load balancer (F5, AWS NLB, HAProxy), verify the health probe settings. Does the balancer use a simple TCP handshake, or does it probe a specific URL ( /wap/health )? Removing the node before updating the LB will cause traffic to route to a black hole. Part 2: Graceful Quiescing – Draining the Traffic A hard shutdown is the enemy of production stability. You must "drain" the node. 2.1 Stop New Sessions (The "Drain" Step) Instruct the load balancer or the proxy itself to stop accepting new connections while finishing existing ones.

Open PowerShell as Administrator on the target WAP server: remove web application proxy server from cluster

On your internal ADFS server, run:

# View current WAP endpoints Get-WebApplicationProxyEndpoint Remove-WebApplicationProxyEndpoint -TargetProxyFQDN "wap-node-01.contoso.com" $proxy = Get-AdfsProxy -Name "wap-node-01

WAP, particularly in Microsoft-centric environments (acting as a reverse proxy for Active Directory Federation Services - ADFS), is not a stateless load balancer. It holds specific configuration ties, certificate dependencies, and publishing rules. This guide provides a comprehensive, vendor-agnostic approach with specific emphasis on ADFS/WAP, NGINX, and HAProxy clusters.

# Uninstall the Web Application Proxy role Uninstall-WindowsFeature Web-Application-Proxy Wait for completion. This removes the configuration but does not clean the ADFS side. Does the balancer use a simple TCP handshake,

Introduction: The Art of Surgical Infrastructure Removal