Wednesday, April 29, 2009

Publishing Site Provisioning

I recently ran into an issue with creating a site template where I wanted to use the Publishing Feature. My end goal was to create a real site definition, but I first wanted to try to create a template directly in SharePoint. I quickly found out that if you have the "Office SharePoint Server Publishing" Feature turned on, the "Save site as template" option will not be available. The most common solution that many suggested was to simply turn off the Publishing Feature, create the site template and then manually turn on the Publishing Feature.


However, this would not work well because I am building an automated site provisioning process using K2 blackpearl. Basically, in this K2 blackpearl process I use an InfoPath form, get approval on the site request, and then dynamically generate the site with custom SharePoint groups. We are trying to drive SharePoint Governance with K2 blackpearl, which will ensure that the site topology is organized well, SharePoint groups and users are managed in a repeatable process, and system administrators can be less involved with creating sites. As well, I want to use customized site templates to ensure that all sites are presented in the same manner instead of being a hodge-podge mess of content. We are even going as far as adding standardized content types into the site templates with K2 workflows mapped to the content types to ensure that publication of the content always goes through a standard process.


Back to the original problem at hand – knowing that I am creating an automated process for site provisioning, I cannot expect users to go in and manually turn on the Publishing Feature on the site. The options I came up with were the following:

  1. Create my own site template and in the ONET.xml add a dependency to turn on the Publishing Feature.
  2. Create a stapling Feature that would turn on the Publishing Feature.
  3. Write some code that would turn on the Publishing Feature.
  4. There are more – but will stick to this for now…

Option 1 – Did not work as intended. I wanted to use the STS template. I followed best practices, created my own site template and then added <Feature FeatureId="94C94CA6-B32F-4da9-A9E3-1F3D343D7ECB" /> to the <WebFeatures> element in the onet.xml file. I also modified the <Modules> to have several custom web parts displayed on the default.aspx. Doing this made sure that the Publishing Feature was turned on when the site was provisioned by SharePoint. However the Publishing Feature would completely wipe out my home page (default.aspx) and all the changes I made to default.aspx in the onet.xml file were gone!!!


Now, if I manually create my site template and then manually turn on the Publishing Feature, the default.aspx will not get wiped out. Since the Publishing Feature is being turned on during the actual site creation process within SharePoint, SharePoint is allowing the Publishing Feature to take over the homepage. So this would not work for me.


Option 2 – My next solution was to create the following Site Stapling Feature:

<!-- Feature definition -->
<Feature Id="13F62CC1-22DE-4719-AA44-1BCACD9E2D50"
         Title="ML Demo KB Site Staple"
         Description="Associates publishing and content type binding to Site Template."
         Version="1.0.0.0"
         Scope="Site"
         Hidden="FALSE"
         xmlns="http://schemas.microsoft.com/sharepoint/">
  <ElementManifests>
    <ElementManifest Location="SiteStaple.xml" />
  </ElementManifests>
</Feature>


<!-- SiteStaple.xml, the element manifest referenced above -->
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
  <!-- Web Publishing -->
  <FeatureSiteTemplateAssociation Id="94C94CA6-B32F-4da9-A9E3-1F3D343D7ECB" TemplateName="KB#0" />
  <!-- KB Content Type Binding -->
  <FeatureSiteTemplateAssociation Id="AD644A91-BA8B-45ff-89FD-F96BCBEDC3BD" TemplateName="KB#0" />
</Elements>

As you can see, the FeatureSiteTemplateAssociation is used to turn on the custom features I need, including the Publishing Feature. The result was exactly the same as Option 1. Again, because the Publishing Feature is being activated during SharePoint's site provisioning process, the default.aspx page is being overridden.

Option 3 – My ultimate solution was to add some code into my K2 blackpearl process to activate the Feature. I was pretty happy to say that up to that point I had no code yet in my process; however, that is just not possible some days, but that is why K2 blackpearl is so great. I basically added the following lines of code into my site provisioning process and I was able to completely replicate what I was able to do manually as a user within SharePoint.


The K2 Process






Code from "Activate Site Features"

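//Activate the Features...
// Runs inside the K2 process, where the K2 context object is available.
// SPSite, SPWeb and SPFeatureCollection are in the Microsoft.SharePoint namespace.
using (SPSite site = new SPSite(K2.StringTable["SharePoint Site Collection URL"]))
{
    // Path of the site that was just provisioned by the process.
    string webURL = K2.StringTable["KB Collaboration Site Logical Path"] + "/KB" +
        K2.ProcessInstance.DataFields["New KB Number"].Value;

    using (SPWeb web = site.OpenWeb(webURL))
    {
        SPFeatureCollection features = web.Features;

        // Feature GUIDs are read from the K2 String Table; the second argument is "force".
        features.Add(new Guid(K2.StringTable["Publishing Feature"]), true);
        features.Add(new Guid(K2.StringTable["Web Publishing Feature"]), true);
        features.Add(new Guid(K2.StringTable["KB Content Type Binding Feature"]), true);
    }
}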

Wednesday, April 15, 2009

K2 blackpearl Developer Resources

I was just given some links to a really great resource for K2 Developers. Chris Geier at K2 has pulled this together and is managing it; this is great!

In it are good blog postings, K2 whitepapers, KB articles, MSDN articles, videos, etc. I still recommend getting the K2 blackpearl Professional book and using this information to supplement your learning of the K2 blackpearl Platform.

Sunday, April 12, 2009

K2 blackpearl Kerberos Configuration

1 - Introduction

Recently I went through another Kerberos configuration and I promised myself that after going through it I would write something about it. I have had to do Kerberos configurations several times and it seems that every time I do it something changes. Luckily it is not just me who has this experience, so I do not feel too bad.


I am not a security expert nor am I a network engineer. There are tons of blogs and articles that explain Kerberos; however, I am going to try to make this simple. When installing K2 or MOSS you may need to configure Kerberos to get around authentication issues associated with an account's credentials being passed between applications that reside on different physical servers. For example:

  • Application A is on Server A.
  • Application B is on Server B.
  • A user logs into Application A on Server A and needs to use Application B services that are on Server B.
  • Application A needs to pass the user's credentials from Server A to Server B so that Application B can authenticate against that account without requiring another login.

Kerberos is required to resolve the issue commonly referred to as the "double hop" issue. If you ever see errors like "NT AUTHORITY/ANONYMOUS LOGON" or "401 - Access Denied" you are experiencing an issue that can be resolved by configuring Kerberos authentication. When you receive an error like this, Application A does not have permission to delegate user credentials to Application B, which resides on Server B. Because there is no permission to delegate credentials from one machine to another, Application B subsequently defaults to using an anonymous login, which is not sufficient for most applications.

To resolve this issue a level of trust needs to be created such that service accounts are trusted to pass a user's credentials from one machine to another.

  • First, a combination of service type, machine, and service account (a service principal name, or SPN) will be registered with the domain controller.
  • Second, a service account will then be given permission to pass user credentials to a specified registration (service type, machine, and service account).

In the case of K2, Kerberos authentication is always required once the K2 topology becomes dispersed across multiple servers. A common scenario is when SharePoint and K2 are not installed on the same physical servers.

Setting up Kerberos authentication should not be confused with Single Sign-On (SSO). SSO is used to store multiple usernames and passwords so that the user only has to log in once. Since all of the credential information is stored centrally, a broker will use those stored credentials to log the user into another application without the user having to type in a different username and password. This is typically used so that the user does not have to remember multiple usernames and passwords to access systems.

In the following sections I will discuss setting up Kerberos for K2 blackpearl. In part two of this series I will discuss Kerberos considerations for SharePoint. Setting up Kerberos authentication in a SharePoint environment is considered to be a best practice and provides better security than NTLM. It is also common to have to configure Kerberos with SharePoint when working with SQL Reporting Services (SSRS).

2 - K2 and Kerberos


As mentioned before, you will need to set up Kerberos authentication for K2 when it is distributed across many servers. The major components that can be distributed are:

  • The K2 Host Server
  • SQL Server
  • SharePoint
  • SQL Reporting Services
  • K2 Workspace web site

The K2 Getting Started documentation is really good. A good portion of the following documentation comes from it; however, I have re-organized it a little and identified a few gaps.


2.1 - K2 and SQL Server


It is possible to have K2 blackpearl and SQL Server sitting on different machines and not require Kerberos authentication. The K2 Service Account needs to have access to SQL Server to access the various K2 databases; that is it.

2.2 - K2 Host Server


In the K2 Getting Started instructions, it states that you will need to run the following commands:

  • setspn -A K2Server/MachineName:5252 domain\K2 Service Account
  • setspn -A K2Server/MachineName.FQDN:5252 domain\K2 Service Account
  • setspn -A K2HostServer/MachineName:5555 domain\K2 Service Account
  • setspn -A K2HostServer/MachineName.FQDN:5555 domain\K2 Service Account

You will need to run these commands regardless of how you plan to distribute your K2 environment.


To verify the spn commands you ran:


  • setspn -L domain\K2 Service Account

This command states which machines the K2 Service Account can delegate from. It is good to run this periodically so you do not get lost while doing this.

The following picture shows the Kerberos delegations that could be required based on the distribution of the K2 environment. The numbers correspond to sections below.


2.3 - K2 and SharePoint

A common scenario is that the K2 Host Server and the SharePoint server will not reside on the same machine. If that is the case, the following commands need to be executed.

  • setspn -A HTTP/MachineName domain\SharePoint Service Account
  • setspn -A HTTP/MachineName.FQDN domain\SharePoint Service Account

Notes:


  • The MachineName is the name of the server where SharePoint resides. If there is an alias for the SharePoint site the MachineName will be the DNS entry. If you have multiple web front end servers (WFEs) in the SharePoint farm that are load balanced it is not required to run the above commands for each physical machine. For example if the SharePoint DNS entry is http://mymossfarm/, then the setspn command would be HTTP/mymossfarm. Make sure that this name is configured in DNS as an A Record and NOT an alias (CName).
  • The SharePoint Service Account refers to the service account for the application pool that SharePoint is running under.

Now that the spn has been set up for the SharePoint WFE we need to:

  • Go to Administrative Tools >> Active Directory Users and Computers.
  • Search for the SharePoint Service Account, open properties, go to the Delegation tab, and select the "Trust this user for delegation to specified services only" option. Then select the "Use Kerberos only" option.

  • Press the add button, search for the K2 Service Account and select both the K2Server and K2HostServer Service Types. These were created in section 2.2.
  • Click ok and ok again.
  • Finally you will need to go to Central Admin of SharePoint >> Application Management >> Authentication Providers. Then in the default zone you will set the IIS Authentication Settings to use "Negotiate (Kerberos)". You will need to do an IIS reset for the changes to take effect.

In the Delegation tab, what we basically did was say that the SharePoint Service Account is allowed to delegate credentials to the K2 Service Account only. Hopefully that simplifies your understanding of what is going on.

You may be wondering why you had to do all of this. If you do not, K2 commands that are generated from SharePoint will not be trusted by the K2 Host Server. For instance the K2 task list web part, a web service call from web enabled InfoPath, etc. will not be trusted by the K2 Host Server. If you were to run the K2 Service from command line and not do any of the configurations above you would see a bunch of "NT AUTHORITY/ANONYMOUS LOGON" errors.

Debugging Note - There can be no duplicate SPN entries created. Uniqueness is defined by the combination of service and machine name. Examples of a service to this point are K2Server, K2HostServer and HTTP. A common mistake is to set up SPNs for the same service and machine with multiple service accounts. You will not receive an error when using the setspn command; however, Kerberos will not work if this is done. Some tools are discussed later that will help uncover these sorts of issues.
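The duplicate check from the debugging note can be run over captured `setspn -L` output. The following is an added example, not code from the original post or from K2: it reports SPNs held by more than one account and SPNs that lack their short-name or FQDN twin. The account, host and domain names in the sample listing are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: `setspn -L` output for two accounts, concatenated.
# svc-k2, svc-moss, k2app01 and corp.example are made-up names.
SAMPLE = """\
Registered ServicePrincipalNames for CN=svc-k2,OU=Service Accounts,DC=corp,DC=example:
        K2HostServer/k2app01.corp.example:5555
        K2HostServer/k2app01:5555
        K2Server/k2app01.corp.example:5252
        K2Server/k2app01:5252
Registered ServicePrincipalNames for CN=svc-moss,OU=Service Accounts,DC=corp,DC=example:
        HTTP/mymossfarm
        HTTP/mymossfarm.corp.example
        K2Server/K2APP01:5252
        HTTP/reports
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (.+):\s*$")


def parse_setspn_listing(text):
    """Return {account DN: [SPN, ...]} from concatenated `setspn -L` output."""
    accounts, current = {}, None
    for line in text.splitlines():
        match = HEADER.match(line.strip())
        if match:
            current = accounts.setdefault(match.group(1), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return accounts


def split_spn(spn):
    """Split 'Service/host[:port]' into (service, host, port), lower-cased,
    because SPNs are compared without regard to case."""
    service, _, rest = spn.partition("/")
    host, _, port = rest.partition(":")
    return service.lower(), host.lower(), port


def find_duplicates(accounts):
    """SPNs (service + machine, with port if present) held by 2+ accounts."""
    owners = defaultdict(set)
    for account, spns in accounts.items():
        for spn in spns:
            owners[split_spn(spn)].add(account)
    return {key: sorted(accs) for key, accs in owners.items() if len(accs) > 1}


def find_unpaired(accounts):
    """SPNs registered under only the short name or only the FQDN."""
    problems = []
    for account, spns in accounts.items():
        seen = {split_spn(s) for s in spns}
        for service, host, port in sorted(seen):
            short = host.split(".")[0]
            has_short = (service, short, port) in seen
            has_fqdn = any(s == service and p == port and h.startswith(short + ".")
                           for s, h, p in seen)
            if not (has_short and has_fqdn):
                problems.append((account, service, host, port))
    return problems


if __name__ == "__main__":
    listing = parse_setspn_listing(SAMPLE)
    for key, accs in find_duplicates(listing).items():
        print("DUPLICATE", key, "->", accs)
    for problem in find_unpaired(listing):
        print("UNPAIRED ", problem)
```

To use it on a real environment, save the `setspn -L` output for each service account into one text file and pass its contents to `parse_setspn_listing`.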

Unusual Error – I had a painful experience recently when configuring a K2 environment. We had followed all of the instructions correctly but we were still getting "NT AUTHORITY/ANONYMOUS LOGON" errors when watching the K2 Host Server via command line. Our solution was to select the "Use any authentication protocol" option instead of the "Use Kerberos only" option in the Delegation tab. We lost days trying to figure out this issue, unknowingly thinking that the only valid option was to select "Use Kerberos only".

When doing some research on this option I found that the "Use any authentication protocol" option meant that "the account can use the protocol transition extension to obtain a service ticket enables it to obtain service tickets to a pre-configured subset of kerberized services". I needed some more clarification and a colleague of mine (Jason Montgomery) sent me the following: "For Kerberos to function, a user's computer needs to be able to contact the Key Distribution Center (KDC) directly in order to get a Ticket to pass along to the Web Site they would like to authenticate with. If the user is outside the network and doesn't have network access to the KDC (Domain Controller), Protocol Transition allows the user to authenticate using any windows authentication protocol (Client Certificates, Forms Auth, Token, proprietary, etc). Once the user has authenticated, the Protocol Transition Extension allows the Service to retrieve a Ticket from the KDC on behalf of a user to itself. From this point on, the Service will be able to properly pass the user's ticket along to other tiers where required, allowing the system to function as designed." He further explained: "In your case having Protocol Transition set up didn't work because the Service needs to first authenticate the user then call LsaLogonUser or use WindowsIdentity to obtain the token using the S4USelf extension (I suspect they are using the normal Kerberos proxy delegation or S4UProxy extension). If the K2 Service doesn't use the S4USelf extension during Auth then configuring K2 to use Protocol Transition will always fail". That was much lower than I had expected to go; however, my tip is that sometimes, if Kerberos is still not working, try changing the Kerberos delegation to use the "Use any authentication protocol" option.
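The difference between the two Delegation tab options can be seen in a simplified model of the decision made for the second hop. This is an added example, not code from the original post or from K2, and it does not diagnose the case described above. Account names, host names and the `ServiceAccount` structure are constructed, and the model assumes a service that is configured for protocol transition actually requests the ticket to itself, as the quoted explanation requires.

```python
from dataclasses import dataclass, field, replace


@dataclass
class ServiceAccount:
    name: str
    spns: set = field(default_factory=set)                    # registered with setspn -A
    allowed_to_delegate_to: set = field(default_factory=set)  # list on the Delegation tab
    any_protocol: bool = False  # False = "Use Kerberos only", True = "Use any authentication protocol"


def owner_of(spn, accounts):
    """Account holding `spn`, or None if it is unregistered or duplicated."""
    holders = [a for a in accounts if spn.lower() in {s.lower() for s in a.spns}]
    return holders[0] if len(holders) == 1 else None


def delegate(front, target_spn, client_auth, accounts):
    """Can `front` call the service behind `target_spn` as the signed-in user?

    client_auth is how the user authenticated to the front end: "kerberos",
    or anything else ("ntlm", "forms", ...). Returns (ok, reason).
    """
    if owner_of(target_spn, accounts) is None:
        return False, "SPN missing or registered to more than one account"
    allowed = {s.lower() for s in front.allowed_to_delegate_to}
    if target_spn.lower() not in allowed:
        return False, "target SPN is not in the front end's delegation list"
    if client_auth == "kerberos":
        # The ticket the user presented to the front end is the evidence
        # for the delegated request.
        return True, "delegated using the user's Kerberos ticket"
    if front.any_protocol:
        # Protocol transition: the service asks for a ticket to itself on
        # behalf of the user (S4U2Self) and uses that as the evidence.
        return True, "delegated via protocol transition"
    return False, "Kerberos only, but the user did not sign in with Kerberos"


# Constructed topology: SharePoint front end delegating to the K2 Host Server.
K2_SPN = "K2HostServer/k2app01:5555"
K2 = ServiceAccount("svc-k2", spns={"K2Server/k2app01:5252", K2_SPN})
MOSS = ServiceAccount("svc-moss", spns={"HTTP/mymossfarm"},
                      allowed_to_delegate_to={"K2Server/k2app01:5252", K2_SPN})
ACCOUNTS = [K2, MOSS]

if __name__ == "__main__":
    for auth in ("kerberos", "ntlm"):
        for front in (MOSS, replace(MOSS, any_protocol=True)):
            print(auth, front.any_protocol, delegate(front, K2_SPN, auth, ACCOUNTS))
```

A denied result corresponds to the back end falling back to the anonymous logon described in the introduction.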


2.4 - K2 and K2 Workspace

When K2 and the K2 Workspace are placed on different servers, Kerberos authentication will need to be configured between the K2 Workspace and the K2 Host Server. In many cases I personally tend to keep the K2 Workspace on the same machine as the K2 Host Server. The reason is that the K2 Workspace is typically only opened up to a few power users and administrators. It is full of a ton of administrative functionality and I typically equate it to Central Administration for SharePoint.

Before continuing, note that on many occasions I have seen the same account used for both the K2 Service and the K2 Workspace Service. It is still required that you set up an SPN because delegation is going across physical servers and that is why Kerberos is required.

  • If you have not done section 2.2; complete that first.
  • setspn -A HTTP/MachineName domain\K2 Workspace Service Account
  • setspn -A HTTP/MachineName.FQDN domain\K2 Workspace Service Account
  • Go to Administrative Tools >> Active Directory Users and Computers.
  • Now search for the K2 Workspace Service Account, open properties, go to the Delegation tab, and select the "Trust this user for delegation to specified services only" option. Then select the "Use Kerberos only" option.
  • Press the add button, search for the K2 Service Account and select both the K2Server and K2HostServer Service Types.
  • Click ok and ok again.

We have now given the K2 Workspace Service Account permission to pass user credentials to the K2 Service Account. Otherwise you will get a bunch of 401 errors in the K2 Workspace web site.

2.4.1 K2 Workspace IIS Metabase


Next you need to update the IIS Metabase. The changes will be made to IIS in order to allow Kerberos authentication for the K2 Workspace web site.

  • Open IIS Manager.
  • Right click the top node and select properties.
  • Check the Enable Direct Metabase Edit checkbox.
  • Click ok a few times and finish.
  • Get the K2 Workspace Site Identifier from the IIS Manager. Click on the top node and in the right main window there will be a Site Identifier number. That number will be used in the following commands.
  • Open a command line window and cd C:\Inetpub\AdminScripts
  • Next you need to force IIS to use Kerberos instead of NTLM. Run the following commands:
    • cscript adsutil.vbs set w3svc/NTAuthenticationProviders "Negotiate,NTLM"
    • cscript adsutil.vbs set w3svc/Site Identifier/NTAuthenticationProviders "Negotiate,NTLM"

2.5 – SharePoint and K2 Workspace


If SharePoint and the K2 Workspace are not on the same server, Kerberos authentication needs to be set up such that the SharePoint Service Account can delegate to the RuntimeServices web services that are hosted within the K2 Workspace.

  • You must set up the SPNs that were described in section 2.3.
  • At a minimum make sure to complete the first three bullets of section 2.4 (even if both the K2 Host Server and the K2 Workspace are on the same machine).
  • Go to Administrative Tools >> Active Directory Users and Computers.
  • Now search for the SharePoint Service Account, open properties, go to the Delegation tab, and select the "Trust this user for delegation to specified services only" option. Then select the "Use Kerberos only" option.
  • Press the add button, search for the K2 Workspace Service Account and select the HTTP Service Type.
  • Click ok and ok again.

2.6 - K2 and SSRS


Another common scenario is that SSRS will already be installed somewhere. The following configurations are required.

Note - This can be avoided by installing SSRS on the machine where the K2 Host Server resides. This is possible because SSRS is a web site that can be installed anywhere. Be warned that if you do this, you will need to pay for another SQL Server License because Microsoft deems this as another install of SQL Server.

2.6.1 SSRS to K2

The Reporting Services Service Account is the account which the SSRS web site runs under in the IIS Application Pool. This is needed to ensure that the account that is being used to access a report is verified against the K2 Host Server. For instance, if the K2 SmartObject Data Provider is used in an SSRS report, the account needs to be passed to the K2 Host Server.

Complete the following:

  • If you have not done section 2.2; complete that first.
  • setspn -A HTTP/MachineName domain\Reporting Services Service Account
  • setspn -A HTTP/MachineName.FQDN domain\Reporting Services Service Account
  • Go to Administrative Tools >> Active Directory Users and Computers.
  • Now search for the SSRS Service Account, open properties, go to the Delegation tab, and select the "Trust this user for delegation to specified services only" option. Then select the "Use Kerberos only" option.
  • Press the add button, search for the K2 Service Account and select only the K2HostServer Service Type.
  • Click ok and ok again.

2.6.2 K2 to SSRS


Another thing you will need to do is to allow the K2 Host Server service account to schedule SSRS reports. Now the K2 Host Server needs to be able to delegate to the SSRS Service Account. You will not need to run any spn commands because you have them all done at this point. You need to do the following:

  • Search for the K2 Service Account, open properties, go to the Delegation tab, and select the "Trust this user for delegation to specified services only" option. Then select the "Use Kerberos only" option.
  • Press the add button, search for the SSRS Service Account and select the HTTP Service Type.
  • Click ok and ok again.

2.6.3 - K2 Workspace to SSRS

To add one more wrinkle to this, if you have the K2 Workspace and SSRS sitting on different servers, you need to allow the K2 Workspace to delegate user credentials to SSRS. This is because SSRS reports are embedded directly into the K2 Workspace.

  • If you have not done section 2.4; complete that first.
  • At a minimum, complete the first three bullets of 2.6.1.
  • Go to Administrative Tools >> Active Directory Users and Computers.
  • Search for the K2 Workspace Service Account, open properties. On the Delegation tab both the "Trust this user for delegation to specified services only" and "Use Kerberos only" options should already be selected.
  • Press the add button, search for the SSRS Service Account and select only the HTTP Service Type.
  • Click ok and ok again.

2.6.4 SSRS IIS Metabase


Next you need to update the IIS Metabase. The changes will be made to IIS in order to allow Kerberos authentication for the SSRS web site.

  • Open IIS Manager.
  • Right click the top node and select properties.
  • Check the Enable Direct Metabase Edit checkbox.
  • Click ok a few times and finish.
  • Get the SSRS Site Identifier from the IIS Manager. Click on the top node and in the right main window there will be a Site Identifier number. That number will be used in the following commands.
  • Open a command line window and cd C:\Inetpub\AdminScripts
  • Next you need to force IIS to use Kerberos instead of NTLM. Run the following commands:
    • cscript adsutil.vbs set w3svc/NTAuthenticationProviders "Negotiate,NTLM"
    • cscript adsutil.vbs set w3svc/Site Identifier/NTAuthenticationProviders "Negotiate,NTLM"

5 - Still Having Issues - Kerberos Configuration Tool


Download this tool; this helped me out tremendously after going through the Kerberos configuration and validating if I had set up everything correctly. It took a little bit to get the hang of it but it works great.

You only need to install it on one machine in the farm. What you can do is modify the parameters and it will tell you if there are any issues with Kerberos authentication between machines.


Some other tools that were recommended to me which I have not used are ldifde.exe and spnquery.vbs.


6 - Recommendations

My recommendation is to place the K2 Host Server, K2 Workspace and SSRS on the same machine. SharePoint should be installed on its own dedicated environment. The SSRS install is only created to support K2 SSRS reports. This will only require you to complete sections 2.2, 2.3 and 2.5.


7 - References


8 - Credits


I also had some reviewers which helped me out.

Saturday, April 4, 2009

April 2009 K2 User Group

Update 4/16/2009 - here is the recorded presentation.

All,

I will be making a presentation to the K2 User Group on Tuesday April 14th from 11am to 1pm central US time. Below is information for attending via LiveMeeting.

I will be making a presentation on how to do document management with SharePoint and K2 with no code. This is a demo that I have given a few times and really demonstrates the power of the wizards within K2 to do some really effective business processing. The information below says that the demo is on blackpoint, however it is all built on blackpearl. However since it is a no code implementation, it can be done completely on blackpoint…

---------------------------------------

Phillip Knight from Merit Energy will be hosting the K2 user group meetings at Merit Energy, located at 13727 Noel Road, 2nd Floor Conference room, Tower 2, Dallas, Texas 75240. Parking information is included in the linked map below. Remote attendance information is included at the bottom of this message.

Link to map: http://www.meritenergy.com/content/MeritMap.pdf. Reminder: Merit Energy is on the 5th floor, but the meeting will be held in a 2nd floor conference room. Once off the elevator, go to the reception area and we will bring you back to the conference room.

Please RSVP to me via email whether you are attending via live meeting or if you will be attending in person (so that we can plan for the number of people to order food for).

Check out the K2 Underground site and our user group at http://k2underground.com/k2/InterestGroupHome.aspx?IntGroupID=11. We are posting webexes/live meetings from our meetings at this site.

5/12/2009 11am – 1pm
06/9/2009 11am – 1pm
07/14/2009 11am – 1pm
08/11/2009 11am – 1pm
09/8/2009 11am – 1pm

Meeting Agenda:
11-11:15 Networking/Refreshments
11:15-11:30 Announcements/Intros of New people
11:30-11:45 Tips & Tricks
11:45-12:45 Technical Presentation
12:45-1:00 Meeting Wrap up

The Announcements section of the meeting will include any information regarding K2 upcoming events and user group events as well as brief introductions of our presenter and refreshment provider.

The Tips & Tricks Presentation is when we as members can pose questions to each other on projects that we are working on and having difficulty with. It is also a time when if we have learned something that we feel will be helpful to others, we can share it with the group. Bring yours to share/ask.


Meeting Presentation & Company:

We thank Jason Apergis from MicroLink for presenting at our April K2 user group meeting. Jason will be demonstrating a K2 BlackPoint document management workflow with no code that contains InfoPath, site creation, permission management, topology management, site templates, content types, SharePoint integrated workflow for Word documents, document metadata updating, emails, etc.


Founded in 1998, MicroLink provides Business Intelligence, Information Discovery, Portals, and Collaboration solutions. MicroLink has a history of providing reliable, high quality, customer-driven solutions that focus on improving productivity, collaboration, and teamwork throughout our customers' enterprise. With a reputation for consistent, superior performance, and outstanding work in the public sector and commercial organizations MicroLink has earned the respect of its clients, partners, and employees. In recognition of this dedication, MicroLink has received the following awards; 2007 Autonomy Global Partner of the Year, 2008 Microsoft Federal Repeatable Solutions Award, 2007 Microsoft Federal Partner of the Year, and the 2007 and 2006 Microsoft DoD Partner of the Year, IBM Cognos client award for Excellence in the Public Sector 2008.


Meeting Presenters:


Jason Apergis is a coauthor on the recent WROX Professional K2 BlackPearl book that was released. He authored the chapter on InfoPath, SmartObjects and Deployments. Jason is also a K2 Insider. He currently works for MicroLink LLC as a Solution Architect focusing on MOSS and Business Process Automation solutions. Over the past four years Jason has done a lot of work with K2.net integrating it with BizTalk, SharePoint 2003/2007, InfoPath, ASP.net, SSIS, mainframes and other non-MS technologies. One of the solutions was nominated for a Microsoft Partner of the Year solution in 2006. Jason is a Virginia Tech alumni completing both his undergrad and masters in Information Technology. He plays ice hockey on a regular basis and is a huge Washington Capitals fan.


Meeting Sponsor:

We thank Jason Moseley from Hitachi Consulting for sponsoring our refreshments at our April meeting. Hitachi is a Microsoft Gold Certified Partner with a full range of business solutions and services for strategy and organization effectiveness, business intelligence and performance management, customer and channel (including CRM) and strategic technologies (including IT architecture and SOA).

Hitachi Consulting is a widely recognized leader in delivering practical, value-based business strategies and technology solutions. From business strategy development through application deployment, we are committed to helping clients quickly realize measurable business value and achieve sustainable ROI.

For more information please contact Jason Moseley, Senior Manager Hitachi Consulting (amoseley@hitachiconsulting.com, 972-768-2789)


For Virtual Attendees:

Note: please keep your phone on mute until you are ready to speak.

Audio Information

Telephone conferencing
Choose one of the following:

Start Live Meeting client, and then in Voice & Video pane under Join Audio options, click Call Me. The conferencing service will call you at the number you specify. (Recommended)

Use the information below to connect:
Toll: +1 (719) 867-1571

Toll-free: +1 (877) 860-3058

Participant code: 914421

First Time Users:

To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Troubleshooting
Unable to join the meeting? Follow these steps:

Copy this address and paste it into your web browser:

1. https://www.livemeeting.com/cc/scna1/join?id=KZ3QJJ&role=attend&pw=7%21j%27mJ%28%7BP

2. Copy and paste the required information:

Meeting ID: KZ3QJJ

Entry Code: 7!j'mJ({P
Location: https://www119.livemeeting.com/cc/scna


If you would like to provide refreshments at an upcoming meeting or present at an upcoming meeting, please contact me.

Our next meeting announcement will be sent out next Tuesday.

Let me know if you have any questions prior to the meeting.