Sometimes Service Desk/CMDB administrators could be confused why some SLA are breached, though the activity sequence does not suggest that.
The reason is set_sla_evt_open_date option.
Why some tickets SLA breach, though the ticket activities say otherwise?
Service Desk/CMDB 14.1, 17.1 on Windows/Linux/Unix
When set_sla_evt_open_date option is installed, ALL SLA events start from the time the ticket is created. This will cause SLA breached if the ticket priority changes during the ticket life cycle. For example, if a ticket is created with priority 3 and after some time changed to priority, and now, if the ticket
priority changes back to priority 3, then you may see the SLA is breached right away as those SLA events for the last priority 3 start from the moment the ticket was created, not from the moment that the service type events are inserted into the tickets.
To avoid this situation, un-install "set_sla_evt_open_date" option and recycle SDM/CMDB