In NCM, pull config on Cisco WLC devices for readable_run-config and readable_running-config is via Terminal and running config is via Term/TFTP.
Enable debug and session logging on DS as per steps in KB article:
https://support.emc.com/kb/323701Execute the pull running configuration job operation on the device. In the
$VOYENCE_HOME/logs/session.log, below entries are found:
Dec 28 06:48:49 666887936/ssh#1: RCV-1001>(ric100wc-01) >
Dec 28 06:48:49 666887936/ssh#1: SND>transfer upload start
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>transfer upload start
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>Mode............................................. TFTP
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>TFTP Server IP................................... 146.xx.xx.xx
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>TFTP Path........................................ /
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>TFTP Filename.................................... 58120.pull
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>Data Type........................................ Config File
Dec 28 06:48:50 666887936/ssh#1: RCV-9999>Encryption....................................... EnabledDec 28 06:48:50 666887936/ssh#1: RCV-9999>Are you sure you want to start? (y/N)
Dec 28 06:48:50 666887936/ssh#1: SND>y
Dec 28 06:49:20 666887936/ssh#1: RCV-1001> y
Dec 28 06:49:20 666887936/ssh#1: RCV-1001>TFTP Config transfer starting.
Dec 28 06:49:20 666887936/ssh#1: RCV-1001>File transfer operation completed successfully.
Dec 28 06:49:20 666887936/ssh#1: RCV-1001>(ric100wc-01) > The highlighted section shows that TFTP encryption is enabled on the device. Hence, NCM will show encrypted data on GUI, rather than original configuration.