• You can't drop the certificates and symmetric keys.

    You need to slow down and carefully understand what is happening. When you create encryption, you

    1. Create DMK

    2. Create certificates/asymm key protected by DMK

    3. create symmetric keys protected by cert/asymm key

    4. Encrypt data with keys in #3.

    when you restore this database to another instance.

    1. restore db

    2. restore DMK to this instance, protect by that instances SMK

    3. use your normal code to decrypt data by opening DMK, opening asymm key, opening symm key.

    From what you're describing, it's hard to tell which keys you are moving, restoring, deleting, etc. This stuff gets tricky, so you need to be careful about not only what you do, but how you talk about it.

    You should be able to restore again to your client, then ONLY restore the DMK.