Remove Web Application Proxy Server From Cluster
Reload NGINX gracefully with nginx -s reload. Existing persistent connections will finish; new ones bypass the node being removed.
    # For Windows WAP
    Get-WebApplicationProxyApplication | Select-Object ExternalURL, BackendServerURL, ExternalCertificateThumbprint

If your cluster sits behind a hardware or software load balancer (F5, AWS NLB, HAProxy), verify the health probe settings. Does the balancer use a simple TCP handshake, or does it probe a specific URL (/wap/health)? Removing the node before updating the LB will cause traffic to route to a black hole.

Part 2: Graceful Quiescing – Draining the Traffic

A hard shutdown is the enemy of production stability. You must "drain" the node.

2.1 Stop New Sessions (The "Drain" Step)

Instruct the load balancer or the proxy itself to stop accepting new connections while finishing existing ones.
    - name: Uninstall WAP feature
      win_feature:
        name: Web-Application-Proxy
        state: absent
    - name: Gracefully remove WAP node from cluster
      hosts: wap_removal_target
      become: yes
      tasks:
        # Stop the proxy service on the node being removed
        - name: Stop web application proxy service
          service:
            name: W3SVC
            state: stopped
          ignore_errors: yes

        # Runs on the Ansible control node, not on the WAP server
        - name: Remove server from load balancer pool via API (F5 example)
          uri:
            url: "https://lb-manager/mgmt/tm/ltm/pool/wap_pool/members"
            method: DELETE
            body: '{"name":"{{ ansible_default_ipv4.address }}:443"}'
            headers:
              Authorization: "Bearer {{ f5_token }}"
          delegate_to: localhost
    # Uninstall the Web Application Proxy role
    Uninstall-WindowsFeature Web-Application-Proxy

Wait for completion. This removes the configuration but does not clean the ADFS side.