Before running any removal commands, complete these preparatory steps to avoid downtime and administrative errors.
If the removed server still appears in stale diagnostic logs or cluster lists, restart the Active Directory Federation Services traffic on the ADFS nodes to force a synchronization refresh. Update DNS Records
Deploying Web Application Proxy (WAP) in a cluster ensures high availability and load balancing for your externally published applications. However, lifecycle management tasks—such as decommissioning old hardware, scaling down infrastructure, or performing a clean OS reinstall—require you to safely remove a WAP server from the cluster. remove web application proxy server from cluster
On the AD FS server (primary):
If the WAP server has a dedicated DNS entry, prepare to remove or redirect it. Method 2: Removing a WAP Server via PowerShell
Access the management console of your load balancer (e.g., Azure Portal).
Method 2: Removing a WAP Server via PowerShell (Recommended) scaling down infrastructure
How to Remove a Web Application Proxy Server from a Cluster Web Application Proxy (WAP) servers act as reverse proxies to protect corporate applications and facilitate Active Directory Federation Services (AD FS) traffic. When upgrading hardware, scaling down infrastructure, or repurposing servers, you must safely remove a WAP server from its cluster.
If a server has been powered off or failed without being uninstalled, it may still appear in the cluster list. You must manually update the ConnectedServersName property to exclude it. Open PowerShell as an Administrator. Set a new list that includes every server the one you want to remove: powershell
Delete the or AAAA records pointing to the IP address of the removed WAP server. Revoke or Reclaim SSL Certificates If the WAP server is being permanently decommissioned: Open certlm.msc (Local Computer Certificates).