The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#). After he enrolled the certificates, he realized that when he tried to export them using the Certificates console he couldn't export their private key. In their custom certificate template they had specified that private key should be exportable.
It turned out they were not setting "objPrivateKey.ExportPolicy" to "X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG" (IX509PrivateKey::ExportPolicy property) in their code.
I hope this helps.
Alex (Alejandro Campos Magencio)