I've discovered the solution to my problem. However, I'm not sure why it works. Through experimentation I was able to find that IIS would not attempt to read certs from any store location except for "LocalMachine" and any store name except for "Personal".
It took me a while to come to this conclusion and I tried most combinations of storeLocation and various storeNames.
If anybody knew why it is that the Root Certificate store is inaccessible to IIS, that would be interesting to learn.
Thanks!