Remove Web Application Proxy Server From Cluster Access

There are several reasons why a WAP server might need to be removed from a cluster:

Test access to internal applications from outside the network to ensure the load balancer is correctly routing traffic to the remaining nodes.

Click in the top right corner and select Remove Roles and Features . Click Next until you reach the Server Roles page.

System Administrators, Infrastructure Engineers, Security Architects Difficulty Level: Advanced Estimated Time to Complete: 30–45 minutes (excluding replication delays)

Export your current AD FS and WAP configuration as a safety measure. remove web application proxy server from cluster

Removing a node involves more than just turning it off; it requires informing the load balancer to stop sending traffic and deregistering the server from the Active Directory Federation Services (AD FS) or relevant management system. 2. Pre-Removal Checklist

Before removing a WAP server from a cluster, consider the following:

Remove-WindowsFeature Web-Application-Proxy, Remote-Access -IncludeManagementTools Use code with caution. Restart the server to finalize the removal of the binaries: powershell Restart-Computer Use code with caution. Step 3: Clean Up Connected Servers and AD FS Trust

Locate the public host records (A or AAAA) pointing your federation service name (e.g., ://domain.com ) to the WAP servers. There are several reasons why a WAP server

Ensure the server object has been removed from the Active Directory connector group to avoid "phantom" server errors. Summary of Best Practices

Open on the remaining WAP and AD FS nodes. Navigate to: Applications and Services Logs > Microsoft > Windows > WebApplicationProxy > Admin

This guide provides step-by-step instructions to safely decommission and remove a Web Application Proxy server from an Active Directory Federation Services (AD FS) farm or cluster. Pre-Removal Checklist

Ensure you have access to your load balancer (e.g., F5, Citrix, KEMP) to remove the node from the load balancing pool. 2. Step-by-Step Removal Process Step 1: Remove the Server from the Load Balancer Pre-Removal Checklist Before removing a WAP server from

Locate the VIP (Virtual IP) configuration for your external web applications.

The WAP server must be unregistered from the AD FS server to clean up trust relationships.

✅ in your CMDB – including dates, who performed the removal, and the reason.

Step 3: Remove the WAP Configuration (Optional but Recommended)

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.