As Web Application Proxy is a standard Windows Server role service, you can use many Windows Server PowerShell tools to control Web Application Proxy:
Shows Web Application Proxy Windows services status | Get-Service 'appproxysvc','appproxyctrl','adfssrv' | fl -Property * |
Shows the configuration of Web Application Proxy Windows service | Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='appproxysvc'" |
Get Best Practices Analyzer (BPA) results for the Remote Access role | Invoke-BpaModel Microsoft/Windows/RemoteAccessServer ; Get-BpaResult Microsoft/Windows/RemoteAccessServer |
List all the events that Web Application Proxy had in the last 24 hours with their ID, Level and Message. | $yesterday = (Get-Date) - (New-TimeSpan -Days 1) ; Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-WebApplicationProxy/Admin'; StartTime=$yesterday} | group -Property ID,LevelDisplayName,Message -NoElement | sort Count,Name -Descending | ft -AutoSize |
Read Web Application Proxy registry keys | Get-ItemProperty hklm:\software\microsoft\appproxy |
Read Web Application Proxy performance counters at current point | Get-Counter '\Web Application Proxy\*' |
Return the number of currently active requests | (Get-Counter '\Web Application Proxy\active requests').CounterSamples.CookedValue |
cmdlet | alias |
Add-WebApplicationProxyApplication | awpa |
Get-WebApplicationProxyApplication | gwpa |
Set-WebApplicationProxyApplication | swpa |
Remove-WebApplicationProxyApplication | rwpa |
Get-WebApplicationProxyConfiguration | gwpc |
Set-WebApplicationProxyConfiguration | swpc |
Get-WebApplicationProxyAvailableADFSRelyingParty | gwpr |
Get-WebApplicationProxyHealth | gwph |
Show published applications that have ADFS as their preauthentication method | Get-WebApplicationProxyApplication | ? {$_.ExternalPreauthentication -eq 'ADFS'} |
Export all published applications to a file | Get-WebApplicationProxyApplication | Export-Clixml "ExportedApps" |
Import published applications from a file | Import-Clixml "ExportedApps" | Add-WebApplicationProxyApplication |
Getting full help on the set command | Get-Help -Full Set-WebApplicationProxyApplication |
List all the details on all the certificates that are used by published apps. Note: the cert: provider does not support filtering, so the match is done with Where-Object. |
$WAP_Certs = (gwpa).ExternalCertificateThumbprint | sort -Unique ; dir Cert:\LocalMachine\my | ? {$WAP_Certs -contains $_.Thumbprint} | fl -Property * |
Add a machine to the Web Application Proxy connected servers list | swpc -ConnectedServersName ((gwpc).ConnectedServersName + 'ServerToAdd') |
Remove a machine from the Web Application Proxy connected servers list | swpc -ConnectedServersName ((gwpc).ConnectedServersName -ne 'ServerToRemove') |
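The certificate listing above shows the certificates but not which published application depends on which one. The following is an added example, not part of the original page: it joins the output of Get-WebApplicationProxyApplication with the machine certificate store and flags applications whose external certificate is missing, expired or close to expiry. The function name, its parameters, the status labels and the sample data are hypothetical.

```powershell
# Added example: per-application certificate report for Web Application Proxy.
# Function name, parameter names and status labels are hypothetical.
function Get-WapCertificateReport {
    param(
        [Parameter(Mandatory)] [object[]] $Application,  # from Get-WebApplicationProxyApplication
        [Parameter(Mandatory)] [object[]] $Certificate,  # from dir Cert:\LocalMachine\My
        [int] $WarnDays = 30,                            # assumed warning window
        [datetime] $Now = (Get-Date)
    )
    # Index the store once by thumbprint; the cert: provider cannot filter for us.
    $byThumbprint = @{}
    foreach ($c in $Certificate) { $byThumbprint[$c.Thumbprint.ToUpperInvariant()] = $c }

    foreach ($app in $Application) {
        $thumb = "$($app.ExternalCertificateThumbprint)".Trim().ToUpperInvariant()
        $cert  = if ($thumb) { $byThumbprint[$thumb] } else { $null }

        if (-not $thumb)                                 { $status = 'NoCertificate' }
        elseif (-not $cert)                              { $status = 'MissingFromStore' }
        elseif ($cert.NotAfter -lt $Now)                 { $status = 'Expired' }
        elseif ($cert.NotAfter -lt $Now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        else                                             { $status = 'OK' }

        [pscustomobject]@{
            Name              = $app.Name
            ExternalUrl       = $app.ExternalUrl
            Preauthentication = $app.ExternalPreauthentication
            Thumbprint        = $thumb
            NotAfter          = if ($cert) { $cert.NotAfter } else { $null }
            Status            = $status
        }
    }
}

# Constructed sample input (placeholder thumbprints) so the function can be tried without a WAP server.
$now  = Get-Date '2024-01-15'
$apps = @(
    [pscustomobject]@{ Name='Portal'; ExternalUrl='https://portal.example.com/'; ExternalPreauthentication='ADFS';        ExternalCertificateThumbprint='aa11' }
    [pscustomobject]@{ Name='Mail';   ExternalUrl='https://mail.example.com/';   ExternalPreauthentication='PassThrough'; ExternalCertificateThumbprint='BB22' }
    [pscustomobject]@{ Name='Legacy'; ExternalUrl='https://old.example.com/';    ExternalPreauthentication='PassThrough'; ExternalCertificateThumbprint='CC33' }
)
$certs = @(
    [pscustomobject]@{ Thumbprint='AA11'; NotAfter=$now.AddDays(200) }   # OK
    [pscustomobject]@{ Thumbprint='BB22'; NotAfter=$now.AddDays(10) }    # ExpiringSoon
)                                                                        # CC33 absent: MissingFromStore
Get-WapCertificateReport -Application $apps -Certificate $certs -Now $now | ft -AutoSize

# On a Web Application Proxy server:
# Get-WapCertificateReport -Application (gwpa) -Certificate (dir Cert:\LocalMachine\My)
```

The Preauthentication column is included so that applications published without ADFS preauthentication stand out in the same report.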
And finally, here are some tricks for managing Web Application Proxy multi-machine deployments:
Show the status of Web Application Proxy related services on all the connected servers grouped by their status. Note: Same syntax would work with any command that supports the ComputerName parameter, e.g. Set-Service, Get-Process. |
Get-Service 'appproxysvc','appproxyctrl','adfssrv' -ComputerName ((gwpc).ConnectedServersName) | sort Status,MachineName,Name | ft MachineName,Name -AutoSize -GroupBy Status |
Restart the Web Application Proxy service on all the connected servers and print the name of the machines | Invoke-Command -ScriptBlock {Restart-Service 'appproxysvc'; (Get-WmiObject -Class Win32_ComputerSystem).Name} -ComputerName ((gwpc).ConnectedServersName) |
Show the names of all the connected servers that had event 12000 in the last 10 hours | Foreach ($Server in (gwpc).ConnectedServersName){Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-WebApplicationProxy/Admin'; ID=12000; StartTime=(Get-Date) - (New-TimeSpan -Hours 10)} -ComputerName $Server -ErrorAction SilentlyContinue | group MachineName -NoElement | ft Name -HideTableHeaders } |
Show all IP addresses of all servers in the cluster. Note: 1. This will work only if remote management is enabled on all servers using Kerberos. 2. Same syntax would work with any command that supports the CimSession parameter. 3. New-CimSession can accept admin credentials. |
Get-NetIPAddress -CimSession (New-CimSession -ComputerName ((gwpc).ConnectedServersName)) | ft IPAddress |