Before install Windows Live ID Management Agent 2.0 place the PassportMA_GlobalConfig.xml under \Extensions folder.
The PassportMA_GlobalConfig.xml that Microsoft gives you doesn’t have defaultcertski element specified. But after you install the MA with the correct certificate the defaultcertski will be filled with the correct value.