If the WAP server has suffered a catastrophic failure and cannot be brought online to uninstall the role properly, you must clean up the configuration from the internal side.

On an internal AD FS server, use PowerShell to forcibly remove the orphaned entry:

```powershell
# List all proxies to find the ID of the dead server
Get-AdfsWebApplicationProxy
```
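```powershell
# WAP writes to an Applications and Services channel, which Get-EventLog cannot read; use Get-WinEvent
Get-WinEvent -LogName "Microsoft-Windows-WebApplicationProxy/Admin" -MaxEvents 10
```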
Send a change notification at least 48 hours in advance. Include:
Removing a web application proxy server from a cluster is a high-risk, low-frequency operation that demands careful planning, traffic draining, configuration synchronization, and thorough validation. Following the structured methodology outlined in this paper — from assessment through decommissioning — ensures minimal user impact and maintains the security and availability of published web applications.
For organizations running critical federated services, always test the removal procedure in a staging environment that mirrors production. Automation tools (Ansible, Terraform, or PowerShell DSC) can codify this process, turning a manual, error-prone task into a repeatable, auditable operation.
Appendix A: Sample Pre-Removal Checklist (PDF format available internally)
Appendix B: Emergency Contact List for AD FS/WAP Support
Appendix C: Script to Auto-Drain and Remove WAP Node (Python/PowerShell)
This paper is maintained by the Infrastructure Engineering team. Last reviewed: [Current Date]. Next scheduled review: 6 months.
To remove a Web Application Proxy (WAP) server from a cluster, you can use PowerShell to update the connected servers list or uninstall the feature from the specific node.

Method 1: Remove via PowerShell (Recommended)

If you have a multi-server WAP deployment and want to remove a specific node from the management list, run the following command from an active WAP server.

Remove a specific server from the list:

```powershell
Set-WebApplicationProxyConfiguration -ConnectedServersName ((Get-WebApplicationProxyConfiguration).ConnectedServersName -ne 'ServerToRemove.domain.local')
```

Verify the update:

```powershell
Get-WebApplicationProxyConfiguration
```

Method 2: Decommission the Server Node
To completely remove the WAP role from a specific server (e.g., if you are retiring it), follow these steps:

- Remove Published Applications: In the Remote Access Management Console, locate any published applications and remove them.
- Uninstall the WAP Feature: Run the following PowerShell command on the server you want to remove:

```powershell
Uninstall-WindowsFeature Web-Application-Proxy, RSAT-RemoteAccess
```

- Clean up DNS: Remove any DNS entries or Load Balancer configurations pointing to the retired server.
Method 3: Remove from Windows Failover Cluster (If applicable)

If your WAP servers are also nodes in a Windows Failover Cluster, you must "evict" the node:

- Open Failover Cluster Manager.
- Navigate to the list of nodes.
- Right-click the server name → More Actions, then evict the node.
- Optionally, run `Clear-ClusterNode -Force` on the removed server to wipe residual metadata.
Removing a Web Application Proxy Server from a Cluster: A Comprehensive Review
Introduction
A Web Application Proxy (WAP) server is a crucial component of a cluster infrastructure, providing secure and reliable access to web applications. However, there may be situations where a WAP server needs to be removed from a cluster, such as planned maintenance, upgrades, or replacement with a new server. In this review, we will discuss the process of removing a WAP server from a cluster, its implications, and best practices to ensure a smooth transition.
Understanding Web Application Proxy Server Clusters
Before diving into the removal process, it's essential to understand the basics of WAP server clustering. A cluster is a group of servers that work together to provide a single, unified service, such as web application proxying. Clustering provides high availability, scalability, and fault tolerance, ensuring that if one server fails, the other servers can take over its responsibilities.
Reasons for Removing a WAP Server from a Cluster
There are several reasons why a WAP server might need to be removed from a cluster:
Preparation Steps
Before removing a WAP server from a cluster, it's essential to:
Removing the WAP Server from the Cluster
The steps to remove a WAP server from a cluster vary depending on the specific clustering technology and configuration. However, the general process involves:
Post-Removal Tasks
After removing the WAP server from the cluster:
Best Practices
To ensure a smooth transition when removing a WAP server from a cluster:
Conclusion
Removing a WAP server from a cluster requires careful planning, preparation, and execution to ensure minimal disruption to services. By following best practices and understanding the implications of removal, administrators can ensure a smooth transition and maintain the high availability and scalability of their web application proxy services.
To remove a Web Application Proxy (WAP) server from a cluster (or "farm"), you must update the cluster configuration to exclude the decommissioned server and then uninstall the Remote Access role from the server itself.

1. Update the Cluster Configuration

When a server is decommissioned or fails, it often still appears in the WAP cluster list. You must manually update the `ConnectedServersName` property to remove the stale entry.

View current servers: Open PowerShell as an Administrator and run:

```powershell
(Get-WebApplicationProxyConfiguration).ConnectedServersName
```

Remove the specific server: Execute the following command, replacing 'ServerToRemove.domain.local' with the FQDN of the server you want to remove:

```powershell
Set-WebApplicationProxyConfiguration -ConnectedServersName ((Get-WebApplicationProxyConfiguration).ConnectedServersName -ne 'ServerToRemove.domain.local')
```

*Note: `Swpc` and `gwpc` are common aliases for `Set-WebApplicationProxyConfiguration` and `Get-WebApplicationProxyConfiguration` respectively.*

2. Decommission the Server Role

Once the server is no longer recognized as part of the cluster, you should uninstall the WAP services from the physical or virtual machine.

Via PowerShell

```powershell
Uninstall-WindowsFeature Web-Application-Proxy, CMAK, RSAT-RemoteAccess
```

Via Server Manager (GUI)

- Open Server Manager and select Remove Roles and Features.
- Select the server and uncheck the Remote Access role.
- Confirm the removal of features.

3. Post-Removal Cleanup

- Load Balancers: Remove the decommissioned server's IP address from any external or internal Load Balancer pools.
- DNS Records: Delete any DNS A or AAAA records that point to the removed server.
- Certificates: If the server is being permanently decommissioned, delete the SSL certificates from its local store so that their private keys do not remain on the retired machine.
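The `ConnectedServersName` update from Method 1 and from step 1 above, wrapped in a guarded function with a dry run and a before/after record. This is an added example, not code from the original page or from Microsoft; the function name `Remove-StaleWapNode` and the FQDN `wap02.corp.example` are hypothetical.

```powershell
# Added example: audited removal of a stale node from the WAP connected-servers list.
# Run on a WAP node that is staying in the cluster. The FQDN below is a constructed placeholder.
function Remove-StaleWapNode {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ServerFqdn
    )

    # @() forces an array: with a single entry, a scalar -ne would return $true/$false
    # instead of a filtered list, and that value would be written to the configuration.
    $before = @((Get-WebApplicationProxyConfiguration).ConnectedServersName)
    if ($before -notcontains $ServerFqdn) {
        Write-Warning "$ServerFqdn is not in ConnectedServersName; nothing to remove."
        return
    }

    # Best-effort guard: refuse to strip the node this session is running on.
    $localFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    if ($localFqdn -ieq $ServerFqdn) {
        throw "Run this from a WAP node that remains in the cluster, not from $ServerFqdn."
    }

    # -ne against an array filters it (case-insensitive by default).
    $after = @($before -ne $ServerFqdn)
    if ($after.Count -eq 0) {
        throw "Removing $ServerFqdn would leave ConnectedServersName empty; aborting."
    }

    if ($PSCmdlet.ShouldProcess($ServerFqdn, 'Remove from WAP ConnectedServersName')) {
        Set-WebApplicationProxyConfiguration -ConnectedServersName $after

        # Re-read the live configuration rather than trusting the local variable.
        $current = @((Get-WebApplicationProxyConfiguration).ConnectedServersName)
        if ($current -contains $ServerFqdn) {
            throw "$ServerFqdn is still listed after the update."
        }
        # Emit a before/after record for the change ticket.
        [pscustomobject]@{
            TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
            Removed = $ServerFqdn
            Before  = $before -join ', '
            After   = $current -join ', '
        }
    }
}
# Dry run first, then the real change:
#   Remove-StaleWapNode -ServerFqdn 'wap02.corp.example' -WhatIf
#   Remove-StaleWapNode -ServerFqdn 'wap02.corp.example'
```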