- name: Clean ADFS trust (run on ADFS server) win_shell: | Remove-WebApplicationProxyEndpoint -TargetProxyFQDN " ansible_fqdn " delegate_to: adfs_internal_server Removing a web application proxy server from a cluster is not merely a matter of turning off a switch. It is a process of quiescing, disconnecting, cleaning, and validating . The difference between a professional team and an amateur one is visible in the post-removal state.
Use the socket CLI to set the server state to maint (maintenance): remove web application proxy server from cluster
- name: Uninstall WAP feature win_feature: name: Web-Application-Proxy state: absent - name: Clean ADFS trust (run on ADFS
Edit /etc/nginx/conf.d/upstreams.conf and remove the server line for the target IP. Use the socket CLI to set the server
- name: Gracefully remove WAP node from cluster hosts: wap_removal_target become: yes tasks: - name: Stop web application proxy service service: name: W3SVC state: stopped ignore_errors: yes - name: Remove server from load balancer pool via API (F5 example) uri: url: "https://lb-manager/mgmt/tm/ltm/pool/wap_pool/members" method: DELETE body: '"name":" ansible_default_ipv4.address :443"' headers: Authorization: "Bearer f5_token " delegate_to: localhost
Introduction: The Art of Surgical Infrastructure Removal
# Uninstall the Web Application Proxy role Uninstall-WindowsFeature Web-Application-Proxy Wait for completion. This removes the configuration but does not clean the ADFS side.