Can`t onboard C8Kv

BertiniB
Level 1

I am new to SD-WAN, and I have been struggling for days to onboard a single C8Kv into my SD-WAN fabric. I am doing it in my lab on CML; I have already configured vManage, vSmart and vBond, and they are all online. I am using the Enterprise Root CA certificate method.

I created the template in vManage, attached it to my C8Kv and generated the bootstrap file. I transferred it and my ROOT-CA.pem to the bootflash of the C8Kv and enabled controller-mode. I can ping all the controllers.

I installed the Root certificate with request platform software sdwan root-cert-chain install bootflash:ROOT-CA.pem

However, at the last step, where I ask vManage to sign my certificate (I don't know if this is what it actually does) by running request platform software sdwan vedge_cloud activate chassis-number C8K-1383611E-E0F7-EABA-82C6-9E5DFC97A9A3 token 0f1574e8d3614affb3734afe645016e5, nothing happens.

On the C8Kv, show sdwan control connections displays only vBond (image attached also):
PEER PEER CONTROLLER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB GROUP
TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION LOCAL COLOR PROXY STATE UPTIME ID
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g - connect 0


Also, show sdwan control connection-history displays (image attached also):

c8Kv#show sdwan control connection-history
Legend for Errors
ACSRREJ - Challenge rejected by peer. NOVMCFG - No cfg in vmanage for device.
BDSGVERFL - Board ID Signature Verify Failure. NOZTPEN - No/Bad chassis-number entry in ZTP.
BIDNTPR - Board ID not Initialized. OPERDOWN - Interface went oper down.
BIDNTVRFD - Peer Board ID Cert not verified. ORPTMO - Server's peer timed out.
BIDSIG - Board ID signing failure. RMGSPR - Remove Global saved peer.
CERTEXPRD - Certificate Expired RXTRDWN - Received Teardown.
CRTREJSER - Challenge response rejected by peer. RDSIGFBD - Read Signature from Board ID failed.
CRTVERFL - Fail to verify Peer Certificate. SERNTPRES - Serial Number not present.
CTORGNMMIS - Certificate Org name mismatch. SSLNFAIL - Failure to create new SSL context.
DCONFAIL - DTLS connection failure. STNMODETD - Teardown extra vBond in STUN server mode.
DEVALC - Device memory Alloc failures. SYSIPCHNG - System-IP changed.
DHSTMO - DTLS HandShake Timeout. SYSPRCH - System property changed
DISCVBD - Disconnect vBond after register reply. TMRALC - Timer Object Memory Failure.
DISTLOC - TLOC Disabled. TUNALC - Tunnel Object Memory Failure.
DUPCLHELO - Recd a Dup Client Hello, Reset Gl Peer. TXCHTOBD - Failed to send challenge to BoardID.
DUPSER - Duplicate Serial Number. UNMSGBDRG - Unknown Message type or Bad Register msg.
DUPSYSIPDEL- Duplicate System IP. UNAUTHEL - Recd Hello from Unauthenticated peer.
HAFAIL - SSL Handshake failure. VBDEST - vDaemon process terminated.
IP_TOS - Socket Options failure. VECRTREV - vEdge Certification revoked.
LISFD - Listener Socket FD Error. VSCRTREV - vSmart Certificate revoked.
MGRTBLCKD - Migration blocked. Wait for local TMO. VB_TMO - Peer vBond Timed out.
MEMALCFL - Memory Allocation Failure. VM_TMO - Peer vManage Timed out.
NOACTVB - No Active vBond found to connect. VP_TMO - Peer vEdge Timed out.
NOERR - No Error. VS_TMO - Peer vSmart Timed out.
NOSLPRCRT - Unable to get peer's certificate. XTVMTRDN - Teardown extra vManage.
NEWVBNOVMNG- New vBond with no vMng connections. XTVSTRDN - Teardown extra vSmart.
NTPRVMINT - Not preferred interface to vManage. STENTRY - Delete same tloc stale entry.
HWCERTREN - Hardware vEdge Enterprise Cert Renewed HWCERTREV - Hardware vEdge Enterprise Cert Revoked.
EMBARGOFAIL - Embargo check failed REGIDMIS - Region ID set mismatch.
REGIDCHG - Region ID config update CRTVERCRLFL - Fail to verify Peer Certificate Due to CRL.

PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC LOCAL REMOTE REPEAT
TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT LOCAL COLOR STATE ERROR ERROR COUNT ORGANIZATION DOWNTIME
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 49 2023-08-04T19:27:20+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g tear_down DISTLOC NOERR 0 2023-08-04T19:25:00+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 41 2023-08-04T19:20:33+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 17 2023-08-04T19:14:55+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 9 2023-08-04T19:12:31+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 28 2023-08-04T19:11:11+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g tear_down DISTLOC NOERR 0 2023-08-04T19:05:38+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g tear_down DISTLOC NOERR 0 2023-08-04T18:54:22+0000


vBond seems to be properly configured, because it lists the vEdges when I run show orchestrator valid-vedges (image attached).

This is my simple topology (image attached).

EDIT: This is my current running config on the C8Kv:
Current configuration : 4337 bytes
!
! Last configuration change at 19:23:49 UTC Fri Aug 4 2023 by admin
!
version 17.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
!
hostname c8Kv
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
vrf definition 65529
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
description Management VPN
rd 1:512
!
address-family ipv4
route-target export 1:512
route-target import 1:512
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 512000
logging persistent size 104857600 filesize 10485760
no logging monitor
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
aaa server radius dynamic-author
!
aaa session-id common
fhrp version vrrp v3
ip arp proxy disable
!
!
!
!
!
!
!
ip bootp server
no ip domain lookup
no ip dhcp use class
!
!
!
login on-success log
ipv6 unicast-routing
ipv6 rip vrf-mode enable
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4156119817
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4156119817
revocation-check none
rsakeypair TP-self-signed-4156119817
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-4156119817
crypto pki certificate chain SLA-TrustPoint
!
!
!
!
!
!
!
!
license udi pid C8000V sn C8K-1383611E-E0F7-EABA-82C6-9E5DFC97A9A3
diagnostic bootup level minimal
memory free low-watermark processor 63676
!
!
spanning-tree extend system-id
!
!
!
username admin privilege 15 secret 9 X.X.X
!
redundancy
!
!
!
no crypto ikev2 diagnose error
!
!
lldp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface Loopback65529
vrf forwarding 65529
ip address 11.1.1.4 255.255.255.255
!
interface Tunnel1
ip unnumbered GigabitEthernet1
no ip redirects
ipv6 unnumbered GigabitEthernet1
no ipv6 redirects
tunnel source GigabitEthernet1
tunnel mode sdwan
!
interface GigabitEthernet1
ip address 192.168.50.12 255.255.255.0
no ip redirects
load-interval 30
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
interface GigabitEthernet2
ip address 10.0.2.1 255.255.255.0
no ip redirects
load-interval 30
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no ip address
no ip redirects
load-interval 30
shutdown
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
interface GigabitEthernet4
no ip address
no ip redirects
load-interval 30
shutdown
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
router omp
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat settings central-policy
ip nat settings gatekeeper-size 1024
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service all-algs
ip route 0.0.0.0 0.0.0.0 192.168.50.1
ip ssh version 2
ip scp server enable
!
!
!
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
stopbits 1
speed 115200
line aux 0
line vty 0 4
transport input ssh
line vty 5 80
transport input ssh
!
nat64 translation timeout udp 300
nat64 translation timeout tcp 3600
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
telemetry receiver protocol confd-rfc5277
host ip-address 0.0.0.0 0
netconf-yang
netconf-yang feature candidate-datastore
end


EDIT2: I partially used the website convert2sdwan.cisco.com for part of the configuration.

I would appreciate any help so I could get better. What am I doing wrong?

Accepted Solution

Hi,

your tunnel interface is over Gig1, but it should be over Gig2. That's why it does not work. DCONFAIL means the DTLS tunnel cannot be established with the controller.

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

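As an added check (example code, not from the original post or from Cisco), a small Python script that parses the connection-history rows and interface config posted above, sums the DCONFAIL retries, and flags any controller whose subnet belongs to an interface other than the sdwan tunnel source. The sample strings are trimmed copies of the poster's outputs, and the column positions assume the whitespace-collapsed layout shown above.

```python
import ipaddress
# Constructed sample, trimmed from the outputs posted above (not a live capture).
CONNECTION_HISTORY = """\
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 49 2023-08-04T19:27:20+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g tear_down DISTLOC NOERR 0 2023-08-04T19:25:00+0000
vbond dtls 0.0.0.0 0 0 10.0.2.3 12346 10.0.2.3 12346 3g connect DCONFAIL NOERR 41 2023-08-04T19:20:33+0000
"""
RUNNING_CONFIG = """\
interface Tunnel1
 tunnel source GigabitEthernet1
interface GigabitEthernet1
 ip address 192.168.50.12 255.255.255.0
interface GigabitEthernet2
 ip address 10.0.2.1 255.255.255.0
"""

def parse_history(text):
    # One (peer_type, peer_private_ip, state, local_error, repeat_count) tuple per data row
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 15 and f[0] in ("vbond", "vmanage", "vsmart"):
            rows.append((f[0], f[5], f[10], f[11], int(f[13])))
    return rows

def parse_interfaces(text):
    # {interface: IPv4Interface} plus the source interface of the Tunnel interface
    addrs, tunnel_src, cur = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            cur = s.split()[1]
        elif s.startswith("ip address ") and cur:
            _, _, ip, mask = s.split()
            addrs[cur] = ipaddress.IPv4Interface(f"{ip}/{mask}")
        elif s.startswith("tunnel source ") and cur and cur.startswith("Tunnel"):
            tunnel_src = s.split()[2]
    return addrs, tunnel_src

def diagnose(history, config):
    # Sum DCONFAIL retries; flag controllers that sit on a LAN other than the tunnel source.
    dcf = [r for r in parse_history(history) if r[3] == "DCONFAIL"]
    addrs, tunnel_src = parse_interfaces(config)
    findings = []
    for peer_ip in sorted({r[1] for r in dcf}):
        on = [n for n, i in addrs.items() if ipaddress.ip_address(peer_ip) in i.network]
        if on and tunnel_src not in on:
            findings.append(f"{peer_ip} is on {on[0]} but the sdwan tunnel source is {tunnel_src}")
    return sum(r[4] for r in dcf), findings
```

Running diagnose(CONNECTION_HISTORY, RUNNING_CONFIG) on the posted config reports the Gig1/Gig2 mismatch; with tunnel source GigabitEthernet2 it reports nothing.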
3 Replies

Thanks, it worked. So it has to have a tunnel interface to the controllers. Is it possible to place the controllers behind an SDWAN Router, or is it not practical?

Not practical. You normally need NAT hairpinning between controllers, so vBond can know the vSmart and vManage public IPs, which should be sent to remote internet-based devices. Better is to have a firewall with NAT hairpinning, with vBond and vManage/vSmart in different firewall zones. Or you will need to give public IPs directly to the controllers, which can be a security issue.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.