The customer recently updated his environment (some network updates and upgrading the SMP Server from 8.6 RU2 to 8.6 RU3 version) and since then they are now having issues with client machines not been able to connect in CEM (Cloud-Enabled Management) mode. They are seeing the following errors in the agent logs:

Operation 'CEM: Connect' failed. 
Protocol: HTTPS 
Original host: smpdev801.domain.com:443
Real host: gatewaycem1.domain.com:443
Path: / 
Connection id: 19.892 
Communication profile id: {3C91B641-55DA-48FD-8748-22AB3611F3C6} 
Throttling: 0 0 0 
Error type: Connection error 
Error code: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (10060) 
Error note: SocketIOStrategySyncSelect::Connect error

Followed by the error:

Request 'HTTPS://smpdev801.domain.com:443/altiris/NS/Agent/ConnectionTest.asp' failed, COM error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (0x8007274C)

ITMS 8.6 RU2, RU3

This was an environmental issue due to network configuration. 
The message mentioned above is something that we have seen in other versions as well. Usually it refers that a client machine in CEM mode is able to get to the Gateway but we didn’t get a response in a timely matter. Usually because there is a network device like a firewall, proxy, load balancer, etc. that may be holding the response or redirecting it. We have also seen this when the specified port is blocked or not open. As well another reason has been that the client machine gets to the gateway but the gateway can’t talk to the SMP Server in order to open a connection for this client machine's request.

It was a network issue as mentioned before.
Check with your network team and verify with them that the proper firewall rules for your Internet gateway are in place. 

In this particular situation, the customer mentioned that after speaking to his network team, he wasn’t aware they replaced a firewall in their data center but did not recreate the rules for their Internet gateway. They’ve created them again and CEM communication now is working.