We are unable to install any plugins to child sites (even the site where mainwp dashboard is setup) via “Upload .zip file” without first disabling iThemes Security hide backend from parent dashboard site. The error for the installation fails with not_found. Worked on this issue with iThemes developers and they are saying that it is being caused because mainWP is unaware of the hide backend URL. The not_found is the default redirect URL when someone tries to hit the wp-login.php with hide backend enabled. The only workaround for now is to disable the hide backend feature and then re-enable it every time you need to install a plugin to child sites (using the upload .zip feature).
The issue persists in the latest beta as well.