Transporting Role to QA

Hi,
I have a question, if we re-transport the role from DEV to QA (with new changes),
will it bring the authorization profile attached to the role in DEV with it, overriding whatever authorization profile already setup in QA?

Yes, the new transport of role will overwrite also the authorization profile.
Hope it helps.
Regards

Similar Messages

  • Error while creating Transport role

    Hi,
    I have created a new transport role - " Transport manager"  but unfortunately the import function of that doens,t work. It gives Error: "Unexpected Error. See System log for more details...."
    In the NWA i see:  ' ( ' com.sapportals.portal.transport.ui.ImportComponent ')' ImportComponent.doOnUpdatePreviewPage(): unexpected error; action=onBrowse.
    The same role assigned to user with content admin and system admin rights works fine.
    Any ideas?
    Many thanks,
    Dharmi

    Hi Kotty,
    Read it loud......
    import of role failed or after importing users unable to see?
    >> Neither. I am referring here to the standard ' import'  function provided by SAP for System Administration -> Transport -> Transport Packages -> Import..
    You told system admins and content admins can able to see that role . So,please check end user permission of that role and assign it to relevant groups or everyone if you want to allo all users to see.
    >> I mentioned, that If I (having Content admin and System Admin rights) am assigned the Transport Manager role, then I don't get an error.
    Whilst if this role is given to the transport manager wherein he has just this Transport manager role. ...only with import function -> server option selected ->clicking on search gives an error.....
    This transport manager role is created by making a copy of System Admin workset and assigning only the Transport related activities.
    Regards,
    Dharmi

  • Installing Exchange 2010 on Server 2008 R2 Get error with Hub Transport Role

    Hub Transport Role
    Failed
    Error:
    The following error was generated when "$error.Clear();
              install-MsiPackage `
              -PackagePath ($RoleInstallPath + "TransportRoles\agents\Hygiene\ASEntIRS.MSI") `
              -LogFile ($RoleSetupLoggingPath + "\InstallASEntIRS.msilog") `
              -PropertyValues ("ALLUSERS=1") `
              -UpdatesDir $RoleUpdatesDir
            " was run: "Installing product D:\Program Files\Microsoft SQL Server\Microsoft\Exchange Server\V14\TransportRoles\agents\Hygiene\ASEntIRS.MSI failed. Fatal error during installation. Error code is 1603.".
    Installing product D:\Program Files\Microsoft SQL Server\Microsoft\Exchange Server\V14\TransportRoles\agents\Hygiene\ASEntIRS.MSI failed. Fatal error during installation. Error code is 1603.
    Fatal error during installation
    Elapsed Time: 00:00:01
    Client Access Role
    Cancelled

    Hi,
    From the description, I recommend you copy the Exchange installation files to the local machine, or download a fresh copy of Exchange 2010 and then reinstall it.
    Besides, please ensure that you install Exchange 2010 on 64-bit edition of Windows Server 2008 R2 Standard with SP1 or Windows Server 2008 R2 Enterprise with SP1.
    If the issue persists, please refer to the following KB further troubleshooting.
    You receive error 1603 when you try to install the Exchange Server 2010 RU1
    https://support.microsoft.com/kb/981474
    Hope it helps.
    If you need further assistance, please feel free to let me know.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

  • Transport roles and analysis authorization with user assigned

    Hi expert,
    I face with this problem transport roles and analysis authorization with user assigned. When I have created a transport request to move the roles and analysis authorization from development system to test system. I couldnu2019t maintain the user assigned, after transport I have to assigned manually all of user or create a program to fill AGR_USER table or there are other way.
    Thanks for your time,
    Luis

    Hi,
    In role administration, you have the following options for transporting roles:
    You can download the roles from one system and upload them into another  
    You can import the role from a remote system using RFC  
    You can transport the roles with the transport function.
    Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
    Transporting Roles with the Role Transport Function
           1.      Start the role administration function by choosing Tools ® Administration ® User Maintenance ® Role Administration ® Roles (transaction PFCG).
           2.      Enter the role to be transported and choose Transport Role.
    The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
    You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
    For more information go thrpugh the below link
    http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
    Regards,
    Marasa.

  • Service 'MSExchangeADTopology' failed to reach status 'Running' while installing Hub transport role of exchnage server 2010 sp1 on Window Server 2008 r2

    Hi
    Getting this error while installing hub transport role of exchange server 2010 sp1 on window server 2008 R2.
    Hub Transport Role
    Failed
    Error:
    The following error was generated when "$error.Clear();
              if ($exsSid -eq $null -or $exsSid -eq "")
              $exsSid = get-ExchangeServerGroupSID -DomainController $RoleDomainController
              start-setupservice -ServiceName MSExchangeADTopology -ServiceParameters $exsSid,$RoleDomainController
            " was run: "Service 'MSExchangeADTopology' failed to reach status 'Running' on this server.".
    Service 'MSExchangeADTopology' failed to reach status 'Running' on this server.
    Click here for help...
    http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&e=ms.exch.err.Ex88D115&l=0&cl=cp
    Elapsed Time: 00:25:35
    Sandeep Gupta

    Hi,
    It might be a permission issue.
    1 :
    Add Manage auditing and security log Properties
    Administative Tools > Local Security Policy > Local Policies > User Rights
    Assignment > Manage auditing and security
    Add
    Exchance Servers.
    2. Check Exchange Trusted Subsystem
    1)Open Active Directory Users and Computers
    2)Under domain name (For example contoso.com),navigate to the Builtin Container,on
    the right hand side select the Administrator group,goto the properties
    3)Click members tab and add Exchange Trusted Subsystem
    4)Click ok twice
    5)Reboot the Exchange server
    6)Rerun the Exchange setup
    Best Regards!

  • Transported Roles not Visible for the User Log-in

    I have three roles in the development system.  These roles show up in the top level navigation for the users in the dev system.  All these roles and the underlying BSPs are transported to QA successfully.  I could assign them to users without any problems, but when the users log-in they can not see any of these roles at the top level navigation (In fact, they just get a blank screen).  "Entry Point" setting and "Sort Priority" is maintained for all the three roles.
    As a test, I created a new role with the same BSP links in QA itself and assigned it to the users.  This shows up in the top level navigation for the users.  I am wondering what's wrong with the transported roles!  If someone could help me here that would be great and I will assign points to helpful replies.  I have a very basic knowledge in portal.

    After applying SP12 in the portal landscape (EP 6.0), the role transports only work in our test environment, but not in production.  Even the manual corrections suggested in OSS note 1002832 didn't help.  I can preview all the iviews in the roles with my user id (admin id), but as soon as I log-in with the end user id nothing shows up [Not even the top level navigation tabs show up].  The following is the portal authorization methodology I chose.
    1. I assign users to the user groups
    2. I assign user groups to the roles
    I want to emphasize that all is well in our test environment, it is the production environment that shows inconsistency.  Let me know if anyone has any pointers.

  • Co-Locate Client Access and Edge Transport Role on Same Server?

    Co-Locate Client Access and Edge Transport Role on Same Server?
    Is it possible/supported to install the Edge Transport Server Role on the same machine that the Client Access role is installed on now that 2013 SP1 has added support back in for the Edge Transport Role?
    jon

    No.
    Unless something has radically changed from before...
    EDIT
    No, nothing has changed:
    "If you want to install the Exchange 2013 Mailbox or Client Access roles on a computer, see
    Install Exchange 2013 Using the Setup Wizard. The Edge Transport role can't be installed on the same computer as the Mailbox or Client Access server roles."
    http://technet.microsoft.com/en-us/library/dn635117(v=exchg.150).aspx
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Managing Exchange Edge Transport Role from my workstation

    Hi Guys
    I want to manage my Edge Transport Role (2010 sp3) that resides in DMZ  from my workstation that resides on internal network. 
    What ports EMC 2010 is using? so I can open them on firewall.
    How can I add edge transport server in my EMC when ports are opened?
    Thanks in Advance
    Farhad

    Hi Farhad,
    I find a topic that provides information about ports, authentication, and encryption for all data paths. Details for your reference:
    http://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
    Information :
    1. On servers that have Internet Information Services (IIS) installed, Windows opens the HTTP port (port 80, TCP) and HTTPS port (port 443, TCP). Exchange 2010 Setup doesn't open these ports. Therefore, these ports don't appear in the preceding table.
    2. Make sure the Port 25 open by communication between Hub and Edge, Edge and Edge.
    Thanks

  • How to install and configure ms exchange server 2007 both role hub and edge transport role in one network

    How to install and configure ms exchange server 2007 both role hub and edge transport role in one network 

    Hi,
    Edge role is design for perimeter networks, to keep security risks minimum.  So it’s not recommended to have edge role in internal network. Must have separate network or subnet for edge services.
    If you are playing around it in labs, then you can put edge role within same subnet as other exchange roles and no specific requirements in that case.
    Thanks.
    MachPanel - Premium Cloud Automation Solution

  • Transporting roles from dev to qa and prod servers ep6sp11

    Hi
    We have EP6 SP11 -erp2004
    I will be transporting roles from the dev environment to a QA(quality assurance) and a production portal server.
    Only the roles needs to be transported, <b>no</b> user assignments to be transported.
    I have read some docs on this and would just like to confirm this is the procedure:
    Basically:
    1.Export the roles to a common directory
    2.Importing it in qa and prod
    3. From here onwards i need help on..Do i add the roles through delta links??? What other steps needs to be done?

    Hi Pradeep
    Thanx for your reply.
    With the exception of the delta link assignment, i will assign it directly, I can just follow the procedure i have written?
    RD

  • How to transport roles, pages and iViews in the PCD from DEV to QA

    Hi
    Please would someone telll me how I can transport/move roles, pages and iViews we have created in our own area of the Portal Content Directory from our Development to our QA portal environment.
    Kind Regards
    Claire

    Hi,
    Please check help.sap.com.
    http://help.sap.com/saphelp_nw70/helpdata/en/c5/56599164d0c04cb566ba0e2d7ed55c/frameset.htm
    Your Basis/NetWeaver consultants can help you.
    Regards,
    Masa

  • Exchange Server 2013 Edge Transport Role

    Dear,
             I have a question regarding Exchange Server 2013 SP1 that, I have installed Edge Transport Server Role on separate box without Domain Joined. Obviously I installed Exchange CAS and Mailbox on Same box with
    Domain Joined in Corporate LAN.. But my edge is placed on DMZ and it is ready with all configuration, Mailbox Server Synchronization is also installed with Edge. Means all required configuration are properly configured and it is verified. But I want clients
    to OWA Access from Edge only. Because I want to restrict my internal network from the internet. So kindly provide me any possible ways to access OWA from Edge only ??. I have see some another methods like "Web Application Proxy instead of TMG because
    TMG is expired"..
    Kindly provide me possible ways or URL so I will configure it..
    Thanks.
     Fuzail (FM)

    Hi,
    Is there any further question on this thread?
    Thanks,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • No authorization for transporting role PW1_BW_Developer1_menu

    How to fix this error message which getting while collecting reports and web templates in transport
    Thanks
    MK

    I just need to collect queries and templates but when i selected grouping in data flow afterwards it is collectiong specific query, query elements, infocube or multiprovider and template. In front of infocube or multiprovider it says it is required and i dont see any roles .
    And also not sure if i m supposed to collect infocube or multiprovider as it is  saying it is required.
    Thanks
    MK

  • Transporting role menu and workbook created diurectly in production system

    Hi gurus,
    We have several workbooks (and queries) that are created directly in production system. thoose workbooks are connected to a role that is created in development system and transported to production system.
    Now, we would like modify this role in development then tranport it on production system, but we are afraid that will be wiped out (overwrite) our production system workbooks (because the role not contains this workbook in development).
    Could you please explain to us what we have to do in order to not wiped out our production workbooks.
    Thank you in advance

    thank you, it's more clear for me...
    Exactly, to have all my requests and workbook in development, I tried to use "Transport order of copy (it means transport queries from Production system to development system)", then to connect them with the corresponding roles in development, but I have the think that BW considers them as new requests when I re-transport them again on the prod.)
    Could you say me if i can transport my production system queries on my development system, and manage them in this system (development) in the future.
    Thank you in advance

  • Error During Exchange 2013 Mailbox Transport Role Install On Server 2012

    I was installing Exchange 2013 on Server 2012.  The server is not a DC, but is a member of a domain with a 2008 R2 functional level, and I was logged in as a domain admin.  There has never been an Exchange instance on this domain.  I got past
    the prerequisite checks, and the installer showed 15 steps, so I walked away.  When I came back, I saw this:
    Step 8 of 15: Mailbox role: Transport service
    Error:
    The following error was generated when "$error.Clear();
              $maxWait = New-TimeSpan -Minutes 8
              $timeout = Get-Date;
              $timeout = $timeout.Add($maxWait);
              $currTime = Get-Date;
              $successfullySetConfigDC = $false;
              while($currTime -le $timeout)
                $setSharedCDCErrors = @();
                try
                  Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
                  $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
                  if($successfullySetConfigDC)
                    break;
                  Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
                catch
                  Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
                Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
                Start-Sleep -Seconds 30;
                $currTime = Get-Date;
              if( -not $successfullySetConfigDC)
                Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
            " was run: "Unable to set shared config DC.".
    The only option on the screen was exit, so I did.  I checked the start menu, and there were two new Exchange icons, but I did not click them.  I ran the installer again, and it detected an incomplete install, the only option was to click next to
    finish the install, so I clicked next.  This time, I eventually got the same error, except the screen showed "Step 8 of 15: Mailbox role: Transport service."  I did install some Exchange 2010 prerquisites on the server before Exchange Server 2013
    came out, and I can rebuild the server and try the install again if that would be best, but I thought I should post here first and try to work through this since the product is so fresh.  Any suggestions?

    I've tried three times since my last post, following
    http://msexchange2010.info/archives/2330 as closely as possible the most recent time.  I am consistently getting the same error that appears to imply I don't have write access to the domain.  I don't understand this, because I am using the
    same domain admin account I have been using all along.  Nonetheless, here is the powershell output starting with the first Exchange setup.exe step (all other steps were already performed, all available updates were installed, and the server was rebooted
    prior to this):
    Windows PowerShell
    Copyright (C) 2012 Microsoft Corporation. All rights reserved.
    PS (domain admin home)> D:
    PS D:\> .\Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
    Welcome to Microsoft Exchange Server 2013 Unattended Setup
    Copying Files...
    File copy complete. Setup will now collect additional information needed for installation.
    Performing Microsoft Exchange Server Prerequisite Check
    Prerequisite Analysis COMPLETED
    Configuring Microsoft Exchange Server
    Extending Active Directory schema COMPLETED
    The Exchange Server setup operation completed successfully.
    PS D:\> .\Setup.exe /PrepareAD /OrganizationName:PRD-INC /IAcceptExchangeServerLicenseTerms
    Welcome to Microsoft Exchange Server 2013 Unattended Setup
    Copying Files...
    File copy complete. Setup will now collect additional information needed for installation.
    Performing Microsoft Exchange Server Prerequisite Check
    Prerequisite Analysis COMPLETED
    Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have b
    een detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
    For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.
    aspx
    Configuring Microsoft Exchange Server
    Organization Preparation COMPLETED
    The Exchange Server setup operation completed successfully.
    PS D:\> .\Setup.exe /Mode:Install /Roles:ClientAccess, Mailbox, ManagementTools /t E:\Exchange /IAcceptExchangeServe
    rLicenseTerms
    Welcome to Microsoft Exchange Server 2013 Unattended Setup
    Copying Files...
    File copy complete. Setup will now collect additional information needed for installation.
    Languages
    Management tools
    Mailbox role: Transport service
    Mailbox role: Client Access service
    Mailbox role: Unified Messaging service
    Mailbox role: Mailbox service
    Client Access role: Front End Transport service
    Client Access role: Client Access Front End service
    Performing Microsoft Exchange Server Prerequisite Check
    Configuring Prerequisites COMPLETED
    Prerequisite Analysis COMPLETED
    Configuring Microsoft Exchange Server
    Preparing Setup COMPLETED
    Stopping Services COMPLETED
    Copying Exchange Files COMPLETED
    Language Files COMPLETED
    Restoring Services COMPLETED
    Language Configuration COMPLETED
    Exchange Management Tools COMPLETED
    Mailbox role: Transport service COMPLETED
    Mailbox role: Client Access service COMPLETED
    Mailbox role: Unified Messaging service COMPLETED
    Mailbox role: Mailbox service FAILED
    The following error was generated when "$error.Clear();
    if ($RoleIsDatacenter -ne $true)
    if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
    $sysMbx = $null;
    $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
    $dispName = "Microsoft Exchange";
    Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");
    $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );
    if ($mbxs.Length -eq 0)
    Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");
    $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
    if ($dbs.Length -ne 0)
    Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");
    $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
    if ($arbUsers.Length -ne 0)
    Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");
    $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0
    ].Identity;
    else
    if ($mbxs[0].DisplayName -ne $dispName )
    Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");
    Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;
    $sysMbx = $mbxs[0];
    # Set the Organization Capabilities needed for this mailbox
    if ($sysMbx -ne $null)
    # We need 1 GB for uploading large OAB files to the organization mailbox
    Write-ExchangeSetupLog -Info ("Setting mailbox properties.");
    set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions
    :$true -MailRouting:$true -MaxSendSize 1GB -Force;
    else
    Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
    else
    Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
    " was run: "Database is mandatory on UserMailbox.".
    The following error was generated when "$error.Clear();
    if ($RoleIsDatacenter -ne $true)
    if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
    $sysMbx = $null;
    $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
    $dispName = "Microsoft Exchange";
    Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");
    $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );
    if ($mbxs.Length -eq 0)
    Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");
    $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
    if ($dbs.Length -ne 0)
    Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");
    $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
    if ($arbUsers.Length -ne 0)
    Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");
    $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0
    ].Identity;
    else
    if ($mbxs[0].DisplayName -ne $dispName )
    Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");
    Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;
    $sysMbx = $mbxs[0];
    # Set the Organization Capabilities needed for this mailbox
    if ($sysMbx -ne $null)
    # We need 1 GB for uploading large OAB files to the organization mailbox
    Write-ExchangeSetupLog -Info ("Setting mailbox properties.");
    set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions
    :$true -MailRouting:$true -MaxSendSize 1GB -Force;
    else
    Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
    else
    Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
    " was run: "Database is mandatory on UserMailbox. Property Name: Database".
    The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the
    <SystemDrive>:\ExchangeSetupLogs folder.
    PS D:\>
    I am cleaning out in ADSI and rebuilding the server for now, because the server is behaving oddly (not as oddly as it was with 6GiB, but oddly, nonetheless).  I probably won't try to install Exchange again before tomorrow.  What should I do to prevent
    encountering the above again and/or if I encounter it again?

  • Edge Transport Role as Email Gateway

    Hi Experts,
    We are planing to deploy exchange email server (Exchange Server-2013 Multi-Role servers) in our HQ (contoso.com) and 4 Edge Transport in other 4  client development sites(client1.com, clinet2.com, client3.com and Client4.com) so that applications running
    in HQ can send emails to respective client development sites domain using edge transport. Development sites are using external email address (mail.clinet1.com and so on). There is no requirement of incoming mail on Edge in Client site because they have compete
    hosted email solution. Just our Edge transport in client will process the mail received from HQ and will forward to Client's  External email address.
    I would appreciate if you can help me to get answer for these queries.
    Do you think this conceptual design is possible? Exchange solution in HQ and Edge transport in Client site and that Edge will forward emails to External Domain using send connector for  restive client's domain? 
    What secure (Only secure) port we need to open on Edge so that It can talk to External Email servers to deliver emails? 
    If we don't want to expose our Multi-Role exchange severs in HQ to Internet , do you think Exchange server in HQ  should be capable for incoming emails using one additional EDGE or still need to expose CAS services in HQ. We need Outlook, OWA and
    Active Sync as well for HQ (contoso.com).
    What secure port we need to open in case of CAS server? 

    Hi  Lynx
    Thank you for your question.
    I think you have a CAS and mailbox in your site. In order to receive HQ’s email, you can create accept domain, you can refer to the following link:
    http://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx
    in your HQ, I suggest you can separate multi-role servers into two parts, you can do NLB and DAG, because NLB cannot co-existed with DAG. I also suggest you have an edge server in your HQ.
    If client site want to talk to external email, you need to register domain name in your ISP, for example mail.domain.com,autodiscovery.domain.com……
    Secure ports were opened  that is determined  the connect way of your outlook; the more details you can refer to the following link:
    http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx
    If there are any questions, please let me know.
    Best Regard,
    Jim

Maybe you are looking for