Remove Web Application Proxy Server From Cluster Jun 2026

Uninstall-WindowsFeature -Name Remote-Access -IncludeManagementTools -Restart Use code with caution.

# 1. Get the current list and filter out the server to be removed $newServerList = (Get-WebApplicationProxyConfiguration).ConnectedServersName -ne "server2.domain.local" # 2. Update the configuration with the new list Set-WebApplicationProxyConfiguration -ConnectedServersName $newServerList Use code with caution. Copied to clipboard Step-by-Step Decommissioning

Post-removal validation confirmed that the server is no longer syncing with the AD FS infrastructure and that external access to published applications remains operational. remove web application proxy server from cluster

Uninstall-WindowsFeature Web-Application-Proxy, CMAK, RSAT-RemoteAccess ``` Use code with caution. Copied to clipboard Via Server Manager (GUI) Server Manager and select Remove Roles and Features Select the server and uncheck the Remote Access Confirm the removal of features and click 3. Post-Removal Cleanup Load Balancers

Now, log in locally (or via iLO/iDRAC) to the WAP server being decommissioned. Copied to clipboard Via Server Manager (GUI) Server

Step 1: assess impact. Priya checked active sessions and recent authentications. Only a small percentage of traffic had routed to node 03 in the last 10 minutes. No ongoing sign-ins were mid-flight. Good—she could safely drain it.

# List all WAP servers Get-WebApplicationProxyEndpoint Uninstall the WAP role:

Export the current WAP configuration as a safety precaution. Run the following command to document your published applications: powershell

In the lifecycle of any production environment, change is inevitable. Scaling down, hardware retirement, traffic pattern shifts, or security overhauls often necessitate the removal of a node from a cluster. While adding resources is exciting, removing a Web Application Proxy (WAP) server from a cluster is a delicate surgical procedure. Done incorrectly, it can orphan authentication requests, break Single Sign-On (SSO), and leave your external users staring at a cryptic 503 error.

✅ (1, 3, 5) when using default load balancer session persistence. Even-numbered clusters can cause split-brain conditions during AD FS proxy trust certificate renewal.

Set-WebApplicationProxyConfiguration -ConnectedServersName $updatedServers ``` Use code with caution. Copied to clipboard 2. Decommission the Target Server Perform these steps on the server being removed to fully clean up its configuration. Remove Remote Access settings: Remote Access Management console DirectAccess and VPN , and click Remove Configuration Settings in the Tasks pane. Uninstall the WAP role: