Watch the logs in real-time to confirm traffic has stopped.
Only proceed when the counters hit zero.
Removing the server from the cluster is only 70% of the job. You must now erase its existence from other infrastructure components. remove web application proxy server from cluster
Step 1: Remove from AD FS Trust Relationship On the AD FS server (primary):
# List all WAP servers
Get-WebApplicationProxyEndpoint
If you had two remaining nodes, manually take one offline (simulate failure). Verify the remaining single node handles the load. This proves your cluster isn't "hanging by a thread." Watch the logs in real-time to confirm traffic has stopped
Subject: Change Notification - Removal of Web Application Proxy Node
Description of Change:
On [Date] at [Time], the Web Application Proxy server [Server Name] was successfully removed from the production cluster. Only proceed when the counters hit zero
Impact:
No service interruption occurred during the maintenance window. The remaining nodes in the cluster continue to handle authentication traffic within the defined capacity thresholds.
Justification:
This removal was performed to [Reason, e.g., decommission outdated hardware / address performance issues / re-provision the server].
Verification:
Post-removal validation confirmed that the server is no longer syncing with the AD FS infrastructure and that external access to published applications remains operational.