Without seeing the whole thing, it's tough to guess. far end sip domain in sig group/authoritative domain of the network region of the near/far end nodes of that sig group? Are you using subdomains anywhere? CM is funny in how it deals with that. customer.com should be the authoritative domain of the last NR and most.detailed.subdomain.customer.com should be authoritative earlier. Anytime you exact match a whole domain after the @, the lowest numbered sig group with that authoritative domain in the network region gets triggered.
To say, maybe you set up the call on on sig 100/NR100 and the 200 OK @customer.com with NR1's authoritative domain customer.com and a sig group 1 in customer.com was hijacking the 200OK/ACK sequence such that the sig group that set up the call wasn't the one receiving the OK/ACK part to complete call setup. Just a guess.
Either way, there's no good reason for a 200OK with SDP being sent over and over once RTP was set up. But it's a telltale sign when CM tries the 200 OK every second for a few, then every 2nd second a few times then every 4th second a few times and eventually gives up.
And your traceSM has something on 5061, and your wireshark screencap on 5060/5100. Maybe you mixed up something in the ports too?