Step 1: assess impact. Priya checked active sessions and recent authentications. Only a small percentage of traffic had routed to node 03 in the last 10 minutes. No ongoing sign-ins were mid-flight. Good—she could safely drain it.
Silence.
WAP doesn't have a native "drain" command like a load balancer. Instead, remove it from the outer load balancer pool first, then wait for 5-10 minutes for existing Kerberos tokens and WAP cookies to expire. remove web application proxy server from cluster
This guide focuses on the Microsoft implementation where WAP servers are part of an Active Directory Federation Services (AD FS) infrastructure, though the principles apply to most proxy cluster architectures.
This method ensures the trust relationship between the WAP server and the internal AD FS farm is cleanly revoked before the server is taken offline. Step 1: assess impact
After completing the removal, verify that the proxy has been removed and that the cluster is healthy.
If using a custom proxy cluster with shared configuration: No ongoing sign-ins were mid-flight
But WAP-03 had grown tired.
To ensure long-term environment health, complete these final maintenance steps across your network infrastructure: 1. Active Directory and DNS Clean Up
# On AD FS server Get-ADFSWebApplicationProxyRelyingPartyTrust -Name <proxy_node> | Remove-ADFSWebApplicationProxyRelyingPartyTrust
Locate the zone handling your external application URLs and ADFS tracking (e.g., ://domain.com ).
Stay Secure with SSLInsights!
Subscribe to get the latest insights on SSL security, website protection tips, and exclusive updates.
✅ Expert SSL guides
✅ Security alerts & updates
✅ Exclusive offers