Removing a Web Application Proxy (WAP) server from a cluster is a routine maintenance task often performed during hardware decommissioning, OS upgrades, or troubleshooting persistent errors. While the process appears straightforward, it requires careful execution to ensure high availability and prevent service interruption for external users accessing internal applications.
This guide focuses on the Microsoft implementation where WAP servers are part of an Active Directory Federation Services (AD FS) infrastructure, though the principles apply to most proxy cluster architectures.
Document Version: 1.0 Classification: Operational Procedure & Architectural Change
If the server is domain-joined and will never return: remove web application proxy server from cluster
✅ Always maintain an odd number of WAP nodes (1, 3, 5) when using default load balancer session persistence. Even-numbered clusters can cause split-brain conditions during AD FS proxy trust certificate renewal.
✅ Document the removal in your CMDB – including dates, who performed the removal, and the reason.
✅ Update your disaster recovery plan – change the recovery order to exclude the removed server. Removing a Web Application Proxy (WAP) server from
✅ Monitor remaining node capacity. If total CPU on remaining nodes exceeds 70% sustained, add a replacement node before removing a second one.
✅ Schedule certificate rollover after removal. The AD FS proxy trust certificate (default 1-year) does not need immediate reissue, but after a cluster size change, run:
Update-AdfsCertificate -CertificateType Proxy-Trust
If using a hardware or software LB (F5, HAProxy, AWS NLB, nginx): ✅ Always maintain an odd number of WAP
# HAProxy example - disable server in backend echo "disable server <backend_name>/<node_name>" | socat stdio /var/lib/haproxy/stats
Remove-WebApplicationProxyEndpoint -ProxyEndpoint <FQDN_of_WAP_node>
Step 2: Unconfigure WAP role on the target node
# On the target WAP server
Uninstall-WindowsFeature Web-Application-Proxy -Restart
Step 3: Clean up AD FS proxy trust (if orphaned entries remain)
# On AD FS server
Get-ADFSWebApplicationProxyRelyingPartyTrust -Name <proxy_node> | Remove-ADFSWebApplicationProxyRelyingPartyTrust
EbonyStory.com is the best place to read and share fresh interesting African stories online. Starting from Romance stories, Adventure stories, Action stories, Spiritual stories, Horror stories and many more. All our stories are free and no signup required to start reading. We have wonderful writers that are ever ready to give you the latest interesting stories with moral lessons to keep you smiling all day.
The quality of our stories together with the simplicity of our platform makes us one of the best in Africa. Our stories are written inform of Story Book ( Novels ), Short Story and Poem
You can subscribe for our story update via: Facebook, Whatsapp, Twitter, Instagram
If you have any complain email [email protected] or call