When a Package Server is promoted to a STRICTLY CEM enabled, Internet facing Site Server, HTTPS is the only valid code base, or download location. If the environment is already setup to use HTTPS, typically the setup will work. If HTTP is used, or even partially used, the CEM Site Server requires additional configuration to ensure CEM enabled and active clients can use the Site Server.
The following two changes will ensure the CEM clients are only handed HTTPS code bases to download packages from. The first step is covered in the documentation, however it is worth bringing up here.
(Note that the CEM enabled clients will attempt HTTPS first, but this will remove the possibility of falling back to UNC, which will never work)
NOTE: The Agent will typically figure out what method to use, but the above can help situations where the Site Server is only serving CEM enabled clients.
In ITMS 7.6 and 8.0 the codebase publishing can be controlled using the "All Settings>Notification Server>Site Server Settings>Package ServicePackage Service Settings".