The key error is:
Security header is not valid
this means the username, password, or signature are not correct. Perhaps it didn't keep the sandbox setting and it is submitting to the live server now. That would explain the issue since they use different credentials.