| Symptom | Likely Cause | Solution |
|-------------|------------------|---------------|
| Remaining nodes show high error rate | Stale session affinity to removed node | Clear LB persistence tables, restart session store |
| AD FS error 249 (Proxy not found) | Orphaned proxy endpoint in AD FS config | Run Remove-WebApplicationProxyEndpoint with -Force |
| Users get “503 Service Unavailable” | Backend web app not reachable from remaining nodes | Check routing tables, firewalls, DNS on remaining nodes |
| Certificate mismatch warning | Removed node’s cert was unique, not shared | Export cert from remaining node and ensure binding |
| Configuration changes lost | Node had local overrides not in CMDB | Enforce infrastructure-as-code for future changes |

"To remove a Web Application Proxy server from the cluster, log in to the specific server and open PowerShell as an Administrator. Run the command Remove-WebApplicationProxyServer and confirm the prompt. Once complete, verify the removal by running Get-WebApplicationProxyServer on a remaining node to ensure the list no longer includes the decommissioned server. Finally, update the external load balancer to stop forwarding traffic to that IP address."
# Certificates used for proxy trust
certlm.msc → Personal → Certificates → Delete any issued by "AD FS Proxy Trust CA"
%windir%\system32\inetsrv\appcmd.exe list config /section:webFarms > C:\Backup\webfarm.txt