What triggers this error
You're running a Python script, a REST client, or any TCP-based tool, and you get hit with:
ConnectionRefusedError: [WinError 10061] No connection could be made because the target machine actively refused it
This isn't a timeout. Windows actually sent a TCP RST packet back immediately, meaning something actively said "no." Either nothing is listening on that port, the service crashed, or a firewall is blocking the connection at the application layer.
Common situations where this shows up:
- Connecting to a local dev server that isn't running yet
- Pointing your app at localhost:5432 but PostgreSQL isn't started
- A Redis/RabbitMQ/Elasticsearch connection in Docker before the container is healthy
- Testing a Python socket client before starting the server
- Connecting to a remote service that has Windows Firewall blocking the port
Step 1: Confirm what's actually listening
Before touching anything, check whether something is listening on that port. Open PowerShell or Command Prompt and run:
# Check if anything is listening on port 8080 (replace with your port)
netstat -ano | findstr :8080
# Or list all listening ports at once
netstat -ano | findstr LISTENING
No output for your port? Nothing is listening, so just start the service and you're done.
To identify which process owns a port:
# Get the PID from netstat output, then:
tasklist /FI "PID eq 1234"
PowerShell gives you the same info more cleanly:
Get-NetTCPConnection -LocalPort 8080 -State Listen
Step 2: Start the target service
Nothing listening means nothing to connect to. Start the server:
# Python HTTP server
python -m http.server 8080
# Flask app
flask run --port 8080
# PostgreSQL (via services)
net start postgresql-x64-15
# Redis (if installed as a service)
net start Redis
# Or via Services panel
services.msc
Re-run your original command after starting. Error gone? You're done.
Step 3: Check Windows Firewall
Service is running but the error persists? Windows Firewall is the likely culprit. It can block ports at the application level, especially for inbound connections from other machines or Docker containers.
Check if a rule exists for your port:
# Run PowerShell as Administrator
Get-NetFirewallRule -Action Allow | Where-Object { $_.Enabled -eq 'True' } | Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq '8080' }
To add a rule that allows inbound traffic on port 8080:
# PowerShell as Administrator
New-NetFirewallRule -DisplayName "Allow port 8080" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow
Prefer the GUI? Go to Windows Defender Firewall → Advanced Settings → Inbound Rules → New Rule → Port → TCP → 8080 → Allow.
Step 4: Fix the connection address in your code
A very common Python mistake: binding the server to 127.0.0.1 but connecting from another process using a different address (or vice versa).
# Server side: binds only to localhost
import socket
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(('127.0.0.1', 9000))  # Only accepts local connections
server.listen()
# Client side: must match exactly
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect(('127.0.0.1', 9000))  # OK
# client.connect(('0.0.0.0', 9000))  # WRONG: 0.0.0.0 is a bind address, not a destination
Binding to 0.0.0.0 accepts connections on all network interfaces. Binding to 127.0.0.1 restricts it to local-only. Your client must connect to the address the server is actually listening on, not whatever feels convenient.
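The Local Address column of the Step 1 netstat output shows which address a server is really bound to, and therefore which address a client has to use. The following is an added example, not code from the original page: it parses a constructed `netstat -ano` sample, and the names `Listener`, `parse_listeners` and `who_listens` are illustrative.

```python
import ipaddress
from typing import List, NamedTuple

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       9920
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       4312
  TCP    [::1]:6379             [::]:0                 LISTENING       5120
  TCP    192.168.1.20:9000      0.0.0.0:0              LISTENING       3388
  TCP    192.168.1.20:52311     203.0.113.7:8080       ESTABLISHED     7744
  UDP    0.0.0.0:5353           *:*                                    2040
"""


class Listener(NamedTuple):
    address: str  # local address the socket is bound to
    port: int
    pid: int      # owning process, as used with tasklist /FI "PID eq ..."
    scope: str    # "loopback-only", "all-interfaces" or "single-interface"


def parse_listeners(netstat_text: str) -> List[Listener]:
    """Return the TCP sockets in LISTENING state from `netstat -ano` text."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has 5 columns: proto, local, foreign, state, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        ip = ipaddress.ip_address(host.strip("[]"))
        if ip.is_loopback:
            scope = "loopback-only"      # reachable only from this machine
        elif ip.is_unspecified:
            scope = "all-interfaces"     # 0.0.0.0 or [::]
        else:
            scope = "single-interface"   # clients must use this exact address
        found.append(Listener(str(ip), int(port), int(fields[4]), scope))
    return found


def who_listens(netstat_text: str, port: int) -> List[Listener]:
    """Listeners whose local port is exactly `port` (foreign ports ignored)."""
    return [entry for entry in parse_listeners(netstat_text) if entry.port == port]
```

Unlike `findstr :8080`, this matches the local port only, so the ESTABLISHED row whose foreign port is 8080 is not reported as a listener.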
Step 5: Handle race conditions in code
When your app starts a subprocess server and immediately tries to connect, the server may not be ready yet. Add a retry loop instead of a bare connect():
import socket
import time

def wait_for_port(host: str, port: int, timeout: float = 10.0):
    # Poll until something accepts a TCP connection on host:port
    start = time.monotonic()
    while True:
        try:
            with socket.create_connection((host, port), timeout=1):
                return True  # Connected successfully
        except (ConnectionRefusedError, OSError):
            # Give up once the overall deadline has passed
            if time.monotonic() - start >= timeout:
                raise TimeoutError(f"Port {port} not available after {timeout}s")
            time.sleep(0.5)

wait_for_port('127.0.0.1', 8080)
# Now safe to make your real connection
Step 6: Check antivirus and third-party firewalls
Still seeing WinError 10061 after all that? Third-party security software is often the hidden culprit. Windows Defender Antivirus, Kaspersky, Norton, Bitdefender: they all have network protection layers that can block port access even when your Windows Firewall rules are perfectly configured.
- Temporarily disable your AV and test the connection
- Check the AV's network protection logs for blocked connections
- Add your app or Python executable to the AV's exclusion list
Verify the fix
Use Test-NetConnection in PowerShell, the Windows equivalent of nc -zv:
# Test connection to localhost port 8080
Test-NetConnection -ComputerName localhost -Port 8080
# Expected output when working:
# TcpTestSucceeded : True
# Expected output when still broken:
# TcpTestSucceeded : False
Or test directly in Python:
import socket
try:
    s = socket.create_connection(('127.0.0.1', 8080), timeout=3)
    print('Connection OK')
    s.close()
except ConnectionRefusedError:
    print('Still refused: service not listening')
except (TimeoutError, socket.timeout):  # socket.timeout is a separate class before Python 3.10
    print('Timeout: firewall may be dropping packets silently')
Tips
Debugging a network issue involving IP ranges, VPNs, or Docker subnet conflicts? The Subnet Calculator on ToolCraft lets you quickly verify CIDR ranges and check whether two addresses share the same network, which is handy when your app connects to a container via a bridge network and you're unsure if the IP is even reachable. Runs entirely in your browser, no data uploaded.
Quick reference: WinError 10061 causes
- No service listening → Start the server first
- Wrong port number → Check server config vs. client config
- Wrong host address → Match bind address to connect address
- Windows Firewall blocking → Add inbound rule for the port
- Service crashed → Check Event Viewer → Windows Logs → Application
- Race condition → Add retry loop before connecting
- Antivirus blocking → Check AV network logs or add exclusion

