Web Application Proxy PowerShell Cheat Sheet

As Web Application Proxy is a standard Windows Server role service, you can use many Windows Server PowerShell tools to control Web Application Proxy:

Shows Web Application Proxy Windows services status Get-Service’appproxysvc’,’appproxyctrl’,’adfssrv’|fl-property*
Shows the configuration of Web Application Proxy Windows service Get-WmiObject-ClassWin32_Service-PropertyStartMode-Filter”Name=’appproxysvc'”
Get Best Practices Analyzer (BPA) results for the Remote Access role Invoke-BpaModel Microsoft/Windows/RemoteAccessServer ;
Get-BpaResultMicrosoft/Windows/RemoteAccessServer
List all the events that Web Application Proxy had in the last 24 hours with their ID, Level and Message. $yesterday = (Get-Date) – (New-TimeSpan -Day 1) ;
Get-WinEvent-FilterHashTable @{LogName=’Microsoft-Windows-WebApplicationProxy/Admin’; StartTime=$yesterday} |group-PropertyID,LevelDisplayName,Message-NoElement|sortCount,Name-Descending|ft-AutoSize
Read Web Application Proxy registry keys Get-ItemPropertyhklm:\software\microsoft\appproxy
Read Web Application Proxy performance counters at current point Get-Counter’\Web Application Proxy\*’
Return the number of currently active requests (Get-Counter ‘\Web Application Proxy\active requests’).CounterSamples.CookedValue

 

cmdlet alias
Add-WebApplicationProxyApplication awpa
Get-WebApplicationProxyApplication gwpa
Set-WebApplicationProxyApplication swpa
Remove-WebApplicationProxyApplication rwpa
Get-WebApplicationProxyConfiguration gwpc
Set-WebApplicationProxyConfiguration swpc
Get-WebApplicationProxyAvailableADFSRelyingParty gwpr
Get-WebApplicationProxyHealth gwph

 

Show published applications that have ADFS as their preauthentication method Get-WebApplicationProxyApplication | ? {$_.ExternalPreauthentication -eq ‘ADFS’}
Export all published applications to a file Get-WebApplicationProxyApplication | Export-Clixml “ExportedApps”
Import published applications from a file Import-Clixml “ExportedApps” | Add-WebApplicationProxyApplication
Getting full help on the set command Get-Help -Full Set-WebApplicationProxyApplication
List all the details on all the certificates that are used by published apps.
Note: the cert: provider does not support filter
$WAP_Certs = (gwpa).ExternalCertificateThumbprint | sort –Unique ;
dir Cert:\LocalMachine\my |? {$WAP_Certs -contains $_.Thumbprint} | fl -Property *
Add a machine to the Web Application Proxy connected servers list swpc -ConnectedServersName ((gwpc).ConnectedServersName + ‘ServerToAdd’)
Remove a machine from the Web Application Proxy connected servers list swpc –ConnectedServersName ((gwpc).ConnectedServersName -ne ‘ServerToRemove’)

 

And finally, here are some tricks for managing Web Application Proxy multi-machine deployments:

 

 

Show the status of Web Application Proxy related services on all the connected servers grouped by their status.
Note: Same syntax would work with any command that supports the ComputerName parameter. E.g. set-service, get-process
Get-Service’appproxysvc’,’appproxyctrl’,’adfssrv’-ComputerName ((gwpc).ConnectedServersName) |sortStatus,MachineName,Name|ftMachineName,Name-AutoSize-GroupByStatus
Restart the Web Application Proxy service on all the connected servers and print the name of the machines Invoke-Command -ScriptBlock {Restart-Service ‘appproxysvc’; (Get-WmiObject -Class Win32_ComputerSystem).Name} -ComputerName ((gwpc).ConnectedServersName)
Show the names of all the connected servers that had event 12000 in the last 10 hours Foreach ($Server in (gwpc).ConnectedServersName){Get-WinEvent -FilterHashTable @{LogName=’Microsoft-Windows-WebApplicationProxy/Admin’; ID=12000; StartTime=(Get-Date) – (New-TimeSpan -hour 10)} -ComputerName $Server -ErrorAction SilentlyContinue | group MachineName -NoElement | ft Name -HideTableHeaders }
Show all IP addresses of all servers in the cluster.
Note:
1. This will work only if remote management is enabled on all servers using Kerberos
2. Same syntax would work with any command that supports the CimSession parameter
3. New-CimSession can accept admin credentials.
Get-NetIPAddress-CimSession (New-CimSession-ComputerName ((gwpc).ConnectedServersName)) |ftIPAddress

 

Leave a Reply

Your email address will not be published. Required fields are marked *