LIVE|CLI v0.144.0·model GPT-5.6 Sol·verified 2026-07-09
Codex Insider
The unofficial wire for OpenAI Codex.
community-trackedCLIIDEpublished Jul 15, 2026 · facts verified Jul 9, 2026
codex — session
$ codex

failed to start login server: 127.0.0.1:1455 (os error 10013)

exit code 1
The fix do this first

Windows itself is blocking the port, not another app. In an admin terminal, run `net stop winnat`, then `codex login`, then `net start winnat` — this reshuffles the reserved port ranges that swallow 1455. For a permanent fix, run `netsh int ipv4 set dynamicport tcp start=49152 num=16384` (repeat for ipv6) and reboot. Or skip the local server: `codex login --device-auth` uses the device-code flow and never binds a port.

On Windows, codex login and the VS Code extension’s ChatGPT sign-in both work by starting a temporary OAuth callback server on 127.0.0.1:1455. When Windows refuses the bind, login dies with os error 10013 — the Winsock code for a socket access attempt forbidden by its permissions — before a browser tab ever opens.

Symptoms

If your login server starts fine but the browser then can’t reach localhost:1455/auth/callback, that’s a different failure — see the community thread on the unreachable callback.

Cause

This is a port reservation, not a port conflict. Windows’ NAT service (winnat) auto-reserves blocks of ports for virtual networking — WSL2, Hyper-V, Docker Desktop, VPN clients, Tailscale, Android emulators, and proxy tools all trigger these reservations — and nothing else can bind inside a reserved block. In one documented case the excluded range was 1359–1458, which puts 1455 squarely inside it. Check your own ranges:

netsh interface ipv4 show excludedportrange protocol=tcp

If 1455 falls inside a listed range, you’ve found it.

Fix

  1. Temporary (fastest). In an administrator terminal: net stop winnat, run codex login, then net start winnat. Restarting winnat reassigns the excluded ranges, which typically frees 1455. Reservations can drift back over the port later.

  2. Permanent. Move the dynamic port range to the RFC-standard 49152+ so winnat’s reservations land far from 1455, then reboot:

    netsh int ipv4 set dynamicport tcp start=49152 num=16384
    netsh int ipv6 set dynamicport tcp start=49152 num=16384
  3. Sidestep the port. codex login --device-auth uses the OAuth device-code flow — no local server, no bind. OpenAI’s docs recommend it when networking blocks the localhost callback; you first have to enable device code login in your ChatGPT security settings (workspace admins control it for workspace accounts).

  4. In the IDE extension, there’s no device-code button yet — that’s an open feature request from February 2026 — so extension users need the winnat route above.

Facts on this page verified July 15, 2026.

Sources
  1. Abolfazl Hosseini (Medium) — Fixing Codex Sign-In Error on Windows: When Dynamic Ports Break OAuth
  2. logomokona (cnblogs) — VS Code Codex 插件登录失败: os error 10013 的真实原因与修复
  3. OpenAI Codex docs — Authentication (device code login, SSH port forwarding)
  4. openai/codex #12263 — Add 'Sign in with Device Code' to handle localhost:1455 OAuth callback issues (open)
  5. OpenAI community forum — localhost:1455 callback unreachable after sign-in