I was receiving many errors today when trying to do the same thing. First I received the error you are getting and then I received this: "Error Message: System Managed Service Identity does not have enough permissions to create private endpoint in resource group or join it to a subnet (Code: UserErrorNotEnoughPermissionOnMSI)".
Try enabling the Managed Identity on the RSV, then assign the Network Contributor role to it on the Resource Group level. It only worked when this role was added on the Resource Group level for me... Not the vnet the private endpoint was being deployed to. I also tried at the subnet level first and that did not work either.
Once I did that I was able to create the private endpoint thru the portal. Originally I was doing this thru Terraform and then started testing via the portal.
For anyone who runs into this issue and is using Terraform... One other issue I had was for the subresource_names field in Terraform I had to set the value to ["AzureBackup"] and not ["vault"] like the link below suggest.
https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource
I hope this helps...