How do device tokens vary from sandbox to production modes?

I think I have locked up some device tokens into a production mode, and they can't be pushed to from development.

Any ideas on how I can check?

When you build your app using a development cert, the app will generate a unique device token. This device token will not work on the production push network. When you then build your app with a distribution provisioning profile (App Store or Ad-Hoc) your device will generate a different device token for push notifications. If you try to send the development generated token to the production push SSL network, Apple's servers will reject your token.

What I did was to try production first, then if that failed with an InvalidToken code, then try it again against sandbox.

In case you're wondering, yes, this is harder than it needs to be.