Remove Web Application Proxy Server From Cluster [LIMITED – 2027]

| Pitfall | Symptom | Solution | | :--- | :--- | :--- | | | Clients intermittently fail to reach the site; ping works sometimes. | Clear neighbor cache: arp -d <removed_node_ip> on routers. | | Orphaned ADFS Proxy Trust | Event ID 102 on internal ADFS: "The proxy was unreachable." | Run Get-AdfsProxy | Remove-AdfsProxy on ADFS server. | | SSL Session Resumption | Some browsers connect fine; others (older) hang. | Remaining nodes must share the same SSL session cache (Redis/Memcached). Reconfigure after removal. | | Sticky Sessions (Persistence) | Users suddenly see "Your session has expired." | The removed node held memory-based session data. Migrate to distributed cache (Redis) before removal. |

Only do this if you intend to block all external access through proxies or are rebuilding the trust from scratch. Summary Checklist Update Cluster List PowerShell ( Set-WAPConfig ) Prevents "Server Down" errors in the management console. Uninstall Role Server Manager Frees up system resources and removes the WAP service. Cleanup DNS DNS Manager remove web application proxy server from cluster

Removing a Web Application Proxy server from a cluster is not a “click and forget” operation. It requires reverence for the identity pipeline that runs your business-critical SSO. By following this guide – draining traffic, revoking trust, removing the role, and validating the cluster – you ensure zero downtime and zero security regressions. | Pitfall | Symptom | Solution | |

(Get-WebApplicationProxyConfiguration).ConnectedServersName ``` Use code with caution. Copied to clipboard Remove the specific server: | | SSL Session Resumption | Some browsers