Remove Web Application Proxy Server From Cluster [repack] Jun 2026

✅ – change the recovery order to exclude the removed server.

Following this process ensures a clean removal without impacting your published applications.

Once traffic has bypassed the server, you can officially dissolve its relationship with the AD FS federation service. WAP removal is handled entirely via PowerShell. Log into the WAP server you want to remove. Open with elevated administrator privileges. Execute the deployment removal command: powershell Uninstall-WebApplicationProxy Use code with caution. What Happens During This Step? The local remote access configuration is deleted.

If you are using the native Windows Server NLB feature, open PowerShell as an Administrator on the node you wish to remove and run: powershell Stop-NlbClusterNode -NodeName "WAP-Server-To-Remove" -Drain Use code with caution. remove web application proxy server from cluster

Simulate a failure of the target node without removal:

Ensure you have access to your load balancer (e.g., F5, Citrix, KEMP) to remove the node from the load balancing pool. 2. Step-by-Step Removal Process Step 1: Remove the Server from the Load Balancer

✅ . If total CPU on remaining nodes exceeds 70% sustained, add a replacement node before removing a second one. ✅ – change the recovery order to exclude

✅ after removal. The AD FS proxy trust certificate (default 1-year) does not need immediate reissue, but after a cluster size change, run:

To ensure a smooth transition when removing a WAP server from a cluster:

: Use the following PowerShell command to remove the WAP feature and its associated management tools: powershell WAP removal is handled entirely via PowerShell

In modern enterprise architecture, Web Application Proxy (WAP) servers are critical components for providing secure, reverse-proxy access to internal applications. Often deployed in clusters for high availability, there comes a time when a server needs to be removed—whether for decommissioning, hardware upgrades, or maintenance.

Uncheck (or specifically the Web Application Proxy sub-role). Restart the server when prompted to complete the removal.

Once you confirm 24–48 hours of error-free operation, you can safely delete the virtual machine or repurpose the physical hardware from your environment. To help tailor any further cleanup steps, tell me:

If the server is being fully retired, remove sensitive SSL certificates from the local computer store to prevent theft. Microsoft Learn PowerShell script

Note: Wait for active connections to drop to zero before proceeding to the next step. You can monitor active connections in Performance Monitor under the "Web Application Proxy" counters. Step 2: Remove the Server from the WAP Cluster