??? 05/28/08 05:35
#155205 - The problem here is...
Responding to: ???'s previous message
The main problem is to define "failed". This cannot realistically be done except for coverage of a small number of cases that you design and build to. As a consequence of this, it is often not possible to vote fail based upon just one board not following the expected path.

Back in the late 1970s, a couple of engineers and I, working at a company, devised a scheme for redundant MCUs that you may want to consider today. Three separate MCUs on separate boards run the same algorithm from the same inputs (or redundant inputs) and produce outputs. One MCU is permitted to control the target environment via its outputs whilst the others just run along. A method is devised to monitor the outputs of all three MCUs to see that they are producing the same results. One way to do this is to have a multi-ported RAM on each device, and every once in a while all devices are to place their result(s) into the RAM. The results in the three RAM sets are compared by a supervisory MCU that can vote out one that works out of step and switch in the outputs of one of the other two MCU systems. The supervisor is designed ultra-simple and with a low-power, high-reliability design.

Michael Karas
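The supervisory vote described in the post, as an added example in C that is not from the original post or its author: three result slots stand in for one snapshot of the multi-ported RAM, the comparator picks out the single channel out of step with the other two, and control of the outputs moves to a survivor when the voted-out channel was the one driving them. The struct and function names are assumptions, the sample values are constructed, and the comparator deliberately refuses to vote when no two channels agree, which is the "define failed" problem from the first paragraph.

```c
#include <stdint.h>
#include <stdio.h>

#define N_CHANNELS 3

/* Supervisor's view of the shared RAM (names are assumptions for this example): the
 * latest result each MCU posted, which MCUs are still trusted, which one drives outputs. */
typedef struct {
    uint16_t result[N_CHANNELS];
    int live[N_CHANNELS];
    int active;
} supervisor_t;

/* Index of the one live channel out of step with the others; -1 when all live
 * channels agree or when no two agree (no majority, so nothing can be voted out). */
int supervisor_find_odd(const supervisor_t *s)
{
    int odd = -1, agreeing = 0;
    for (int i = 0; i < N_CHANNELS; i++) {
        int matches = 0;
        if (!s->live[i]) continue;
        for (int j = 0; j < N_CHANNELS; j++)
            if (j != i && s->live[j] && s->result[j] == s->result[i]) matches++;
        if (matches > 0) agreeing++; else odd = i;
    }
    return agreeing >= 2 ? odd : -1;
}

/* One supervisory cycle: vote out a channel that is out of step and, if it was the
 * one in control, switch the outputs to a survivor. Returns the channel now in control. */
int supervisor_cycle(supervisor_t *s)
{
    int odd = supervisor_find_odd(s);
    if (odd < 0) return s->active;
    s->live[odd] = 0;
    for (int i = 0; s->active == odd && i < N_CHANNELS; i++)
        if (s->live[i]) s->active = i;           /* first surviving channel takes over */
    return s->active;
}

int main(void)
{
    /* Constructed snapshot: MCU 0, currently in control, is out of step with MCUs 1 and 2. */
    supervisor_t s = { {150, 102, 102}, {1, 1, 1}, 0 };
    printf("MCU %d now drives the outputs\n", supervisor_cycle(&s));
    return 0;
}
```

Once a channel has been voted out only two remain, so a later disagreement between them returns -1 and control stays where it is; a real supervisor would raise an alarm at that point rather than guess.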