This issue is caused by a failure in some SSL plugins to properly protect all authenticated pages with SSL. Errors in these plugins may leave your site(s) vulnerable to attacks by allowing authentication over non-SSL connections.
To protect your site credentials, Duo WordPress 2.x will log a user out if the base URL in the Duo cookie is different from the base URL of a page which requests authentication. Among other things, this prevents attackers from potentially stealing your credentials via a MITM attack (which is what SSL would be doing if it were actually protecting the necessary page(s)).
That is to say, when using SSL on your login page the base url picked up by the Duo WordPress cookie is https://example.com. Since https://example.com does NOT match http://example.com, you are logged out when a page begining with http://example.com requests unsecured authentication (preview pages, in this case).
Rolling back to 1.8.1 removes the issue because Duo WordPress 1.x does not perform this URL validation.
The quick (and most secure) resolution is to enable SSL site-wide by changing the base URL from HTTP to HTTPS in your general WordPress settings and removing any SSL plugin.
If you do not want site-wide SSL, the best resolution is to work with the author(s) of your SSL plugin to make sure that ALL authenticated pages are served over HTTPS. (We may also work with the authors of these types of plugins as we have the resources to do so.)
If you have any questions, comments, or support requests please direct them to email@example.com for further assistance.