![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 52%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 23%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 67%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Hello Christopher Fryett,
Thank you for the update and for explaining how your SQL connection is configured. I understand the challenge now: since you're using Windows authentication through an on-premises Data Gateway, the SQL connector binds the gateway connection, stored Windows credentials, and target SQL server together when the connection is first created. When that connection definition is effectively reused against a different server by only changing the server's name at runtime, the authentication fails and results in 401 in QA.
With Logic Apps + On-Premises Gateway, the connection resource (in connections.json) stores a static mapping of: Connection → Gateway → On-Prem SQL server → Auth method.
The gateway uses the stored credential and connection metadata to reach your on-prem SQL server; it does not dynamically re‑negotiate against arbitrary servers at runtime. Because of this, when you deploy a ZIP from Dev to QA, QA is still using the Dev connection definition and credential, which is why it continues to reference the Dev server until you manually recreate or rebind the connection.
For this setup, the connector must be recreated per environment, and the gateway mapping needs to match the server's name used in that environment. In other words, the SQL connection resource in QA cannot reuse Dev’s server name or Dev’s connection definition.
A couple of things that may help:
- Create a separate SQL connector connection per environment (Dev/QA/Prod), each created in that environment and authorized once against the correct gateway and server. Then reference the appropriate connection in your workflow for that environment but avoid parameterizing only the server's name inside the SQL action. The server and gateway pairing should match what the connection was created with.
References: Install on-premises data gateway for workflows in Azure Logic Apps, - If your pipelines are overwriting connections.json or similar artifacts, ensure that the connectionId and backend details in that file map to an existing QA SQL connection that you created and authorized in QA. The connection resource should exist and be valid in QA before you deploy or update the workflows so that the actions can bind cleanly to it. References: Connect to on-premises data sources from Azure Logic Apps
- Unfortunately, managed identities can’t help here because the on-prem SQL + gateway connector doesn’t support MI. Windows auth through gateway strictly binds to the gateway connection resource.
References: Authenticate access and connections to Azure resources with managed identities in Azure Logic Apps, Connect to SQL databases from workflows in Azure Logic Apps
I hope the above helps. Please do let us know if you have further questions on this. Thank you!