Remove Web Application Proxy Server From Cluster

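    # View all registered WAP servers
    Get-WebApplicationProxyConfiguration
    Get-WebApplicationProxyEndpoint

    # Review recent proxy errors
    # "AD FS/Admin" is an Applications and Services log, which Get-EventLog cannot read;
    # Get-WinEvent is used instead (Level 2 = Error).
    Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Level = 2 } -MaxEvents 20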

Do not simply reinstall Windows on the same hostname and rejoin it to the cluster without first removing the trust. A reused hostname with an orphaned trust will cause a “duplicate proxy” error during reconfiguration.

Best Practices Checklist for WAP Cluster Maintenance

✅ Always maintain an odd number of WAP nodes (1, 3, 5) when using default load balancer session persistence. Even-numbered clusters can cause split-brain conditions during AD FS proxy trust certificate renewal.

✅ If total CPU on remaining nodes exceeds 70% sustained, add a replacement node before removing a second one.

    # On AD FS primary
    Remove-AdfsWebApplicationProxyRelyingPartyTrust -TargetName "WAP-DEAD-SRV" -Force

Then, manually delete the computer object from the DMZ OU in Active Directory. The WAP role itself is gone forever. No further cleanup on the dead machine is possible; just physically decommission it.

    Set-AdfsSyncProperties -PrimaryComputerName <PrimaryADFS> -Role PrimaryComputer
    Sync-AdfsFarm

Cause: Sticky sessions (session persistence) on the load balancer still map to the removed node’s cookie.

Fix: Reset the load balancer’s session table or change persistence method to “Client IP + Port” temporarily.

Alternative: Demoting vs. Forced Removal

What if the WAP server is offline and unrecoverable (e.g., dead disk, ransomware-locked)?

    # List all proxy trusts
    Get-AdfsWebApplicationProxyRelyingPartyTrust
    # Example output: "WAP-SRV-02.contoso.com"

    # Remove the trust (irreversible)
    Remove-AdfsWebApplicationProxyRelyingPartyTrust -TargetName "WAP-SRV-02.contoso.com"

    # Confirm removal
    Get-AdfsEndpoint -Proxy $true | Where-Object { $_.ProxyTrust -eq "WAP-SRV-02.contoso.com" }

A WAP cluster is a collection of two or more WAP servers sharing the same configuration, load-balanced behind a hardware or software load balancer (like Azure Load Balancer, F5, or NGINX). Clusters provide high availability (HA) and fault tolerance.