Remove Web Application Proxy Server From Cluster
    - name: Uninstall WAP feature
      win_feature:
        name: Web-Application-Proxy
        state: absent
    - name: Clean ADFS trust (run on ADFS server)
      win_shell: |
        Remove-WebApplicationProxyEndpoint -TargetProxyFQDN "{{ ansible_fqdn }}"
      delegate_to: adfs_internal_server

Removing a web application proxy server from a cluster is not merely a matter of turning off a switch. It is a process of quiescing, disconnecting, cleaning, and validating. The difference between a professional team and an amateur one is visible in the post-removal state.
    # For Windows WAP
    Get-WebApplicationProxyApplication | Select-Object ExternalURL, BackendServerURL, ExternalCertificateThumbprint

If your cluster sits behind a hardware or software load balancer (F5, AWS NLB, HAProxy), verify the health probe settings. Does the balancer use a simple TCP handshake, or does it probe a specific URL (/wap/health)? Removing the node before updating the LB will cause traffic to route to a black hole.

Part 2: Graceful Quiescing – Draining the Traffic

A hard shutdown is the enemy of production stability. You must "drain" the node.

2.1 Stop New Sessions (The "Drain" Step)

Instruct the load balancer or the proxy itself to stop accepting new connections while finishing existing ones.
Reload NGINX gracefully: nginx -s reload. Existing persistent connections will finish; new ones bypass the node.
Use the socket CLI to set the server state to maint (maintenance):
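An added example, not part of the original page: assuming the socket CLI above is HAProxy's Runtime API on its admin socket, this script goes one step beyond the line above by first setting the server to drain, polling show stat until its current sessions reach zero, and only then setting maint. The socket path, the backend wap_pool and the server wap02 are assumed names, and socat is assumed to be installed.

```shell
#!/bin/sh
# Added example: drain one server through the HAProxy Runtime API, wait for
# its sessions to end, then set it to maint. Socket path, backend and server
# names are assumptions; adjust them to your haproxy.cfg.
HAPROXY_SOCK="${HAPROXY_SOCK:-/var/run/haproxy.sock}"
POLL_INTERVAL="${POLL_INTERVAL:-5}"   # seconds between session checks

# Send one Runtime API command to the admin socket (requires socat).
haproxy_cmd() {
    printf '%s\n' "$1" | socat stdio "unix-connect:$HAPROXY_SOCK"
}

# Read `show stat` CSV on stdin and print scur (current sessions) for
# backend $1 / server $2. Columns are located by header name, not position.
# Exits non-zero when the server is not listed.
current_sessions() {
    awk -F, -v px="$1" -v sv="$2" '
        NR == 1 { sub(/^# /, "", $1); for (i = 1; i <= NF; i++) col[$i] = i; next }
        $(col["pxname"]) == px && $(col["svname"]) == sv { print $(col["scur"]); found = 1 }
        END { exit !found }'
}

# drain_server BACKEND SERVER [TIMEOUT_SECONDS]
drain_server() {
    backend=$1; server=$2; timeout=${3:-300}; waited=0
    # drain: the server gets no new load-balanced sessions; open ones continue
    haproxy_cmd "set server $backend/$server state drain" || return 1
    while [ "$waited" -lt "$timeout" ]; do
        n=$(haproxy_cmd "show stat" | current_sessions "$backend" "$server") || return 1
        if [ "$n" -eq 0 ]; then
            haproxy_cmd "set server $backend/$server state maint"
            return
        fi
        sleep "$POLL_INTERVAL"; waited=$((waited + POLL_INTERVAL))
    done
    echo "timeout: $n sessions still open on $backend/$server" >&2
    return 1
}

# Usage (names are placeholders): drain_server wap_pool wap02 300
```

A non-zero exit means the server was not found in show stat or sessions were still open at the timeout, so the node should not be removed yet.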
If you removed the WAP without uninstalling first, the proxy remains in the ADFS configuration. Force remove it: