Trouble Connecting AKS Worker Nodes to Private API Endpoint

Hey folks! I'm in the middle of setting up a private AKS cluster, and everything seemed to be going well. The private DNS zone is registered, and the default node pool was created correctly in the intended subnet and resource group. The worker nodes can reach the internet through a User Defined Route in the subnet, and I can confirm that DNS resolution works since I'm able to ping the API hostname and see the Private Endpoint's IP.

The issue arises because the worker nodes are unable to connect to the cluster through the Private Endpoint. While they can reach each other, they can't ping the Private Endpoint, even though it's in the same subnet. Attempts to connect to its HTTPS port also fail.

I created the AKS cluster using both Terraform and the Azure CLI. Here's the script I used with the `az aks create` command:
```
az aks create
--name $aksName
--resource-group "$rgName"
--load-balancer-sku standard
--enable-private-cluster
--vnet-subnet-id "$vnetSubnetId"
--enable-oidc-issuer
--private-dns-zone "$privateDnsZoneId"
--assign-identity "$msiId"
--node-count 1
--admin-username "azureuser"
--ssh-key-value "$sshKey"
--network-policy calico
--network-plugin azure
--network-plugin-mode overlay
--outbound-type userDefinedRouting
--zones 1
--tier Standard
--disable-public-fqdn
--node-resource-group "${rgName}-nodes"
--location uksouth
--kubernetes-version 1.32
--enable-aad
--disable-local-accounts
--enable-azure-rbac
--skip-subnet-role-assignment
--aad-tenant-id $aadTenantId
--aad-admin-group-object-ids $aadAdminGroupIds
```

We've also reached out to Microsoft support, but so far we haven't found a solution. Any tips on what to check next or any insights on what might be slipping through? Thanks for your help!