When IIS is building up a certificate chain to send to the client during SSL negotiation, it excludes the root certificate from the chain. For instance, if my chain is Server Cert -> Intermediate 1 -> Intermediate 2 -> Root CA, then IIS only sends Server Cert -> Intermediate 1 -> Intermediate 2. This somewhat makes sense because it's expected that the client should already have the Root CA in their trusted store. However, I have found that root certificates will be automatically checked using Window's Automatic Root Certificates Update and installed automatically to the trusted store if applicable. It seems this is a common approach used by a number of sites. For instance, if I clear out my Third-Party Root Certificate Authorities and turn off Automatic Root Certificates Update and visit godaddy.com, I will receive a certificate error. If I turn the automatic updates back on, the root certificate (which is sent in the chain by godaddy.com) will be automatically installed and everything just works. I've confirmed that this only works if the root certificate is sent as part of the chain.
For this reason, I would like to configure IIS to include the root certificate as part of the chain but I cannot seem to find a way to do it.