# Temporarily mark the server as down in the upstream block upstream backend_wan server 10.0.0.10:80; # Keep this server 10.0.0.11:80 down; # Mark removal node as down
| Pitfall | Symptom | Solution | | :--- | :--- | :--- | | | Clients intermittently fail to reach the site; ping works sometimes. | Clear neighbor cache: arp -d <removed_node_ip> on routers. | | Orphaned ADFS Proxy Trust | Event ID 102 on internal ADFS: "The proxy was unreachable." | Run Get-AdfsProxy | Remove-AdfsProxy on ADFS server. | | SSL Session Resumption | Some browsers connect fine; others (older) hang. | Remaining nodes must share the same SSL session cache (Redis/Memcached). Reconfigure after removal. | | Sticky Sessions (Persistence) | Users suddenly see "Your session has expired." | The removed node held memory-based session data. Migrate to distributed cache (Redis) before removal. | Part 7: Automating the Removal (Ansible Playbook Example) For enterprises, manual removal is a liability. Here is an Ansible snippet to idempotently remove a WAP node. remove web application proxy server from cluster
- name: Uninstall WAP feature win_feature: name: Web-Application-Proxy state: absent # Temporarily mark the server as down in
Introduction: The Art of Surgical Infrastructure Removal | | SSL Session Resumption | Some browsers
# For Windows WAP Get-WebApplicationProxyApplication | Select-Object ExternalURL, BackendServerURL, ExternalCertificateThumbprint If your cluster sits behind a hardware or software load balancer (F5, AWS NLB, HAProxy), verify the health probe settings. Does the balancer use a simple TCP handshake, or does it probe a specific URL ( /wap/health )? Removing the node before updating the LB will cause traffic to route to a black hole. Part 2: Graceful Quiescing – Draining the Traffic A hard shutdown is the enemy of production stability. You must "drain" the node. 2.1 Stop New Sessions (The "Drain" Step) Instruct the load balancer or the proxy itself to stop accepting new connections while finishing existing ones.
- name: Gracefully remove WAP node from cluster hosts: wap_removal_target become: yes tasks: - name: Stop web application proxy service service: name: W3SVC state: stopped ignore_errors: yes - name: Remove server from load balancer pool via API (F5 example) uri: url: "https://lb-manager/mgmt/tm/ltm/pool/wap_pool/members" method: DELETE body: '"name":" ansible_default_ipv4.address :443"' headers: Authorization: "Bearer f5_token " delegate_to: localhost