This is a quick post to highlight an issue vSphere Replication has with ESXi 6.5U1 for To-the-cloud replication.
Only customers that use vSphere Replication for DR or migrations to the cloud endpoints (e.g. vCloud Availability for vCloud Director) with ESXi 6.5U1 hosts are affected (ESXi 6.5 and older works fine). Also host-to-host replication is not affected.
The root cause is that ESXi 6.5U1 hosts are unable to retrieve from vSphere Replication Appliance vr2c-firewall.vib that is responsible for opening outgoing communication ports for replication traffic on the ESXi host firewall.
This results in inability to perform any to-the-cloud replications. To see the issue look into the host Firewall configuration in the Security Profile section. If you do not see Replication-to-Cloud Traffic section you are affected.
The picture below which traffic it is related to (red rectangle on the left):
If you would look into esxupdate.log on the host you will see error: [Errno 14] curl#56 – “Content-Length: in 200 response”.
Until a fix is going to be released here is a workaround:
- Download the vr2c-firewall.vib from the vSphere Replication Appliance: https://vSphere-Replication-Appliance-ip-or-fqdn:8043/vib/vr2c-firewall.vib.
- Upload the vib to a shared location (datastore)
- Install the vib to every host with the following command: esxcli software vib install -v /vmfs/volumes/<datastore>/vr2c-firewall.vib
- Verify the fix was installed properly with: esxcli software vib list | grep vr2c
Tom Fojta's Blog 
Take note, installing the vib will reboot the esxi host. So make sure you put the host into maintenance mode first.