How to Safely Remove a Web Application Proxy Server from a Cluster: A Step-by-Step Guide
Introduction: The Art of Surgical Infrastructure Removal
In the lifecycle of any production environment, change is inevitable. Scaling down, hardware retirement, traffic pattern shifts, or security overhauls often necessitate the removal of a node from a cluster. While adding resources is exciting, removing a Web Application Proxy (WAP) server from a cluster is a delicate surgical procedure. Done incorrectly, it can orphan authentication requests, break Single Sign-On (SSO), and leave your external users staring at a cryptic 503 error.
WAP, particularly in Microsoft-centric environments (acting as a reverse proxy for Active Directory Federation Services - ADFS), is not a stateless load balancer. It holds specific configuration ties, certificate dependencies, and publishing rules. This guide provides a comprehensive, vendor-agnostic approach with specific emphasis on ADFS/WAP, NGINX, and HAProxy clusters.
By the end of this article, you will understand the prerequisites, the dismantling process, and the post-removal validation steps required to keep your cluster healthy.
Prerequisites & Pre-Work
Before initiating the removal, ensure the following steps are taken to mitigate risk:
- Verify Cluster Health: Ensure the remaining nodes in the cluster are healthy and online. If you remove the only healthy node, service will be interrupted.
- Drain Connections: If possible, configure the load balancer to stop sending new connections to the target server. Allow existing sessions to time out gracefully.
- Administrative Privileges: Ensure you have local administrator rights on the WAP server and administrative rights on the AD FS farm.
- Backup: Take a snapshot or backup of the server state (registry/configuration) in case a rollback is required.
Option 1: Technical Procedure (Step-by-Step Guide)
Subject: Procedure to Remove Web Application Proxy Server from Cluster
Objective: This document outlines the steps required to safely remove a Web Application Proxy (WAP) server from the existing cluster/farm to decommission the node or reconfigure the infrastructure.
Prerequisites:
- Administrative access to the WAP server and the AD FS servers.
- Confirmation of the specific server node to be removed.
- A maintenance window (recommended to avoid potential service interruptions).
Procedure:
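- Identify the Node: Log in to the server designated for removal and verify its hostname and current operational status.
- Remove from the WAP Farm: Open an elevated PowerShell console on the server to be removed. The WebApplicationProxy module has no dedicated removal cmdlet; farm membership is the ConnectedServersName list in the proxy configuration, so removing a node means writing that list back without it. Execute the following command to remove the server from the Web Application Proxy configuration:
  Set-WebApplicationProxyConfiguration -ConnectedServersName ((Get-WebApplicationProxyConfiguration).ConnectedServersName -ne '<FQDN_of_WAP_node>')
  Note: If you are prompted to confirm the removal, type 'Y' to proceed.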
- Verify Removal: On a remaining WAP server within the cluster, run the following command to ensure the server is no longer listed in the farm:
  (Get-WebApplicationProxyConfiguration).ConnectedServersName
  Ensure the removed server's name does not appear in the output.
- Uninstall the Role (Optional): If the server is being decommissioned entirely, open Server Manager, navigate to Manage, and select Remove Roles and Features. Uncheck Remote Access (which includes the Web Application Proxy role service) and proceed with the wizard.
- Final Cleanup:
  - Update external load balancer configurations to stop directing traffic to the removed node.
  - Update internal DNS records if necessary.
  - Shut down or disconnect the server from the network as per organizational policy.
Remove specific WAP node
Set-WebApplicationProxyConfiguration -ConnectedServersName ((Get-WebApplicationProxyConfiguration).ConnectedServersName -ne '<FQDN_of_WAP_node>')
Step 2: Unconfigure WAP role on the target node
# On the target WAP server
Uninstall-WindowsFeature Web-Application-Proxy -Restart
Step 3: Clean up AD FS proxy trust (if orphaned entries remain)
# On AD FS server
# Run the Get- half on its own first and review what it returns before piping it to Remove-
Get-ADFSWebApplicationProxyRelyingPartyTrust -Name <proxy_node> | Remove-ADFSWebApplicationProxyRelyingPartyTrust
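The removal and verification steps above, combined into one guarded function that refuses to remove a node that is not in the farm or is the last one left. This is an added example, not code from the original page; it relies on the WebApplicationProxy module's Get-WebApplicationProxyConfiguration and Set-WebApplicationProxyConfiguration cmdlets, and the function names and example.test host names are hypothetical.

```powershell
# Added example. Function names and example.test hosts are hypothetical.
function Get-WapFarmAfterRemoval {
    # Pure helper: returns the member list without $NodeFqdn, and throws when
    # the node is not a member or when removing it would empty the farm.
    param(
        [Parameter(Mandatory)][string[]]$CurrentNodes,
        [Parameter(Mandatory)][string]$NodeFqdn
    )
    # -notcontains and -ne compare case-insensitively, as DNS names do.
    if ($CurrentNodes -notcontains $NodeFqdn) {
        throw "'$NodeFqdn' is not in the farm list: $($CurrentNodes -join ', ')"
    }
    $remaining = @($CurrentNodes | Where-Object { $_ -ne $NodeFqdn })
    if ($remaining.Count -eq 0) {
        throw "Refusing to remove '$NodeFqdn': it is the last node in the farm."
    }
    return ,$remaining
}

function Remove-WapNodeFromFarm {
    # Assumption: run elevated on a WAP server that has the WebApplicationProxy module.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$NodeFqdn)

    $before = @((Get-WebApplicationProxyConfiguration).ConnectedServersName)
    $after  = Get-WapFarmAfterRemoval -CurrentNodes $before -NodeFqdn $NodeFqdn
    # ConfirmImpact 'High' makes PowerShell prompt unless -Confirm:$false is given.
    if ($PSCmdlet.ShouldProcess($NodeFqdn, 'Remove from ConnectedServersName')) {
        Set-WebApplicationProxyConfiguration -ConnectedServersName $after
        # Re-read the stored list instead of trusting the local variable.
        $now = @((Get-WebApplicationProxyConfiguration).ConnectedServersName)
        if ($now -contains $NodeFqdn) {
            throw "'$NodeFqdn' is still listed after the update."
        }
        $now
    }
}

# Offline check of the guard logic on a constructed two-node farm list.
$sample = 'wap01.example.test', 'wap02.example.test'
Get-WapFarmAfterRemoval -CurrentNodes $sample -NodeFqdn 'WAP02.example.test'
```

Calling Remove-WapNodeFromFarm with -WhatIf shows the pending change without applying it.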