1. Make sure under Certificates -> Controllers -> Send to vBond must be performed.

2.

Confirm if the following are in place:
vManage VPN0 interface configured with tunnel-interface
vSmart VPN0 interface configured with tunnel-interface
vBond VPN0 interface disable tunnel-interface

I had this problem before where all 3 controllers could not converge because vBond had tunnel-interface configured in the transport interface. Since vBond is the orchestrator here so all vManage and vSmart must get approved by vBond as well.

You can also check why control-connections cannot form via the following command:

vBond# show orchestrator connections-history
Legend for Errors
ACSRREJ    - Challenge rejected by peer.               NOVMCFG   - No cfg in vmanage for device.
BDSGVERFL  - Board ID Signature Verify Failure.        NOZTPEN   - No/Bad chassis-number entry in the ZTP.
BIDNTPR    - Board ID not Initialized.                 ORPTMO    - Server's peer timed out.
BIDNTVRFD  - Peer Board ID Cert not verified.          RMGSPR    - Remove Global saved peer.
CERTEXPRD  - Certificate Expired                       RXTRDWN   - Received Teardown.
CRTREJSER  - Challenge response rejected by peer.      RDSIGFBD  - Read Signature from Board ID failed.
CRTVERFL   - Fail to verify Peer Certificate.          SSLNFAIL  - Failure to create new SSL context.
CTORGNMMIS - Certificate Org name mismatch.            SERNTPRES - Serial Number not present.
DCONFAIL   - DTLS connection failure.                  SYSIPCHNG - System IP changed.
DEVALC     - Device memory Alloc failures.             SYSPRCH   - System property changed.
DHSTMO     - DTLS HandShake Timeout.                   TMRALC    - Timer Object Memory Failure.
DISCVBD    - Disconnect vBond after register reply.    TUNALC    - Tunnel Object Memory Failure.
DISTLOC    - TLOC Disabled.                            TXCHTOBD  - Failed to send challenge to BoardID.
DUPSER     - Duplicate Serial Number.                  UNMSGBDRG - Unknown Message type or Bad Register msg.
DUPCLHELO  - Recd a Dup Client Hello, Reset Gl Peer.   UNAUTHEL  - Recd Hello from Unauthenticated peer.
DUPSYSIPDEL- Duplicate System IP.                      EMBARGOFAIL- Embargo check failed

HAFAIL     - SSL Handshake failure.                    VBDEST    - vDaemon process terminated.
IP_TOS     - Socket Options failure.                   VECRTREV  - vEdge Certification revoked.
LISFD      - Listener Socket FD Error.                 VSCRTREV  - vSmart Certificate revoked.
MGRTBLCKD  - Migration blocked. Wait for local TMO.    VB_TMO    - Peer vBond Timed out.
MEMALCFL   - Memory Allocation Failure.                VM_TMO    - Peer vManage Timed out.
NEWVBNOVMNG- New vBond with no vMng connections.       VP_TMO    - Peer vEdge Timed out.
NOACTVB    - No Active vBond found to connect.         VS_TMO    - Peer vSmart Timed out.
NOERR      - No Error.                                 XTVSTRDN  - Teardown extra vSmart.
NOSLPRCRT  - Unable to get peer's certificate.         CGNIDCHNGD- vBond teardown CGN ID.
LRNTPEER   - Delete learnt peer entry.                 BIDSIG    - Board ID signing failure.

                                                                                     PEER     PEER             PEER
         PEER     PEER     PEER             SITE        DOMAIN      PEER             PRIVATE  PEER             PUBLIC                                                     REPEAT
INSTANCE TYPE     PROTOCOL SYSTEM IP        ID          ID          PRIVATE IP       PORT     PUBLIC IP        PORT    REMOTE COLOR     STATE             LOCAL/REMOTE    COUNT DOWNTIME
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------