On (run as Administrator):
✅ in your CMDB – including dates, who performed the removal, and the reason. remove web application proxy server from cluster
# List all proxy trusts Get-AdfsWebApplicationProxyRelyingPartyTrust Example output: "WAP-SRV-02.contoso.com" Remove the trust (irreversible) Remove-AdfsWebApplicationProxyRelyingPartyTrust -TargetName "WAP-SRV-02.contoso.com" Confirm removal Get-AdfsEndpoint -Proxy $true | Where-Object $_.ProxyTrust -eq "WAP-SRV-02.contoso.com" On (run as Administrator): ✅ in your CMDB
✅ – change the recovery order to exclude the removed server. Fix: Reset the load balancer’s session table or
Set-AdfsSyncProperties -PrimaryComputerName <PrimaryADFS> -Role PrimaryComputer Sync-AdfsFarm Cause: Sticky sessions (session persistence) on the load balancer still map to the removed node’s cookie. Fix: Reset the load balancer’s session table or change persistence method to “Client IP + Port” temporarily. Alternative: Demoting vs. Forced Removal What if the WAP server is offline and unrecoverable (e.g., dead disk, ransomware-locked)?
# View all registered WAP servers Get-WebApplicationProxyConfiguration Get-WebApplicationProxyEndpoint Review recent proxy errors Get-EventLog -LogName "AD FS/Admin" -EntryType Error | Select-Object -First 20